AMD Fixes Data-Leaking Holes in Its Chips

AMD, a well-known chip manufacturer, has begun releasing fixes for its processors affected by a serious vulnerability, Zenbleed. The flaw allows the theft of passwords, cryptographic keys, and other confidential information from an affected system. [1]

Zenbleed affects Ryzen and Epyc chips based on Zen 2. Data can be stolen from them at a rate of at least 30 kbytes per second per core. This is enough for someone to spy on other users of a shared server, such as a cloud host. Unlike related flaws such as Spectre, Zenbleed is quite easy to exploit, and it is associated with excessive speculative execution. [1]

The vulnerability was discovered by Tavis Ormandy, a specialist at Google, during hardware testing. AMD became aware of the problem in May 2023. The company aims to address the issue through microcode updates and urges users to update their devices as soon as possible. [2]

Using Zenbleed, an attacker can view the data processed by applications and the operating system. For example, a malicious web page running specially prepared JavaScript can secretly exploit Zenbleed on a user's personal computer to eavesdrop on information. Ormandy has published an example exploit that demonstrates the effectiveness of potential attacks on a Zen 2 Epyc system using unprivileged arbitrary code. [3]

Zen 2 processors affected by the vulnerability include Ryzen 3000, Ryzen Pro 3000, Ryzen Threadripper 3000, Ryzen 4000 Pro, Ryzen 4000, 5000, and 7020 with Radeon graphics, and Epyc Rome. Patch updates for the EPYC 7002 “Rome” processors have already been released by AMD. However, updates for Zen 2 Ryzen 3000, 4000, and some 5000 series are expected in November-December 2023. It remains uncertain whether the threat affects processors used in PS5, Xbox Series X and S, and Steam Deck. [4]

AMD rates the vulnerability as moderate in severity. The manufacturer is currently working to confirm that the fixes are present in new firmware and is expected to provide detailed security recommendations. At present, the only workaround is to set a control bit that disables certain functionality, although this may result in a noticeable performance decrease. [5]
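A triage check for the affected-processor list and update status described above, added here as an example and not taken from AMD or the cited reports: it parses Linux `/proc/cpuinfo` text, flags Zen 2 parts by CPU family and model, and compares the loaded microcode revision with a fixed revision the operator supplies from AMD's bulletin. The model ranges are an assumption based on public CPUID listings, and the sample text and every revision value are constructed.

```python
import re

# Assumption (not from the article): Zen 2 is CPU family 17h (23 decimal)
# with these model ranges.
ZEN2_MODEL_RANGES = [(0x30, 0x4F), (0x60, 0x7F), (0x90, 0x91), (0xA0, 0xAF)]

# Constructed /proc/cpuinfo excerpts; the microcode values are made up.
SAMPLE_ZEN2 = ("vendor_id\t: AuthenticAMD\ncpu family\t: 23\nmodel\t\t: 49\n"
               "microcode\t: 0x8301020\n\n"
               "vendor_id\t: AuthenticAMD\ncpu family\t: 23\nmodel\t\t: 49\n"
               "microcode\t: 0x8301020\n")
SAMPLE_OTHER = ("vendor_id\t: GenuineIntel\ncpu family\t: 6\nmodel\t\t: 85\n"
                "microcode\t: 0x2006e05\n")

def parse_cpuinfo(text):
    """Return one dict of fields per logical CPU."""
    cpus = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if fields:
            cpus.append(fields)
    return cpus

def is_zen2(cpu):
    """True if the CPU record is an AMD family 17h part in a Zen 2 model range."""
    if cpu.get("vendor_id") != "AuthenticAMD":
        return False
    try:
        family, model = int(cpu["cpu family"]), int(cpu["model"])
    except (KeyError, ValueError):
        return False
    return family == 0x17 and any(lo <= model <= hi for lo, hi in ZEN2_MODEL_RANGES)

def triage(text, fixed_rev=None):
    """Classify a host. fixed_rev is the first patched microcode revision for
    this CPU model, supplied by the operator from the vendor bulletin."""
    zen2 = [c for c in parse_cpuinfo(text) if is_zen2(c)]
    if not zen2:
        return "not-zen2"
    try:
        revs = [int(c["microcode"], 16) for c in zen2]
    except (KeyError, ValueError):
        return "zen2-microcode-unknown"
    if fixed_rev is None:
        return "zen2-microcode-unknown"
    # Every core must carry the fix, so judge the host by its oldest revision.
    return "patched" if min(revs) >= fixed_rev else "needs-update"
```

Hosts reported as `needs-update` or `zen2-microcode-unknown` are the ones to schedule for the microcode update or the control-bit workaround.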

Sources:

Reports, release notes, official announcements.