AMD ‘Zenbleed’ bug can leak passwords from Ryzen CPUs (www.theverge.com)

submitted 1 year ago by Chozo@kbin.social to c/cybersecurity@infosec.pub

3 comments fedilink hide all child comments

A new vulnerability impacting AMD’s line of Zen 2 processors — which includes popular CPUs like the budget-friendly Ryzen 5 3600 — has been discovered that can be exploited to steal sensitive data like passwords and encryption keys. Google security researcher Tavis Ormandy disclosed the “Zenbleed” bug (filed as CVE-2023-20593) on his blog this week after first reporting the vulnerability to AMD on May 15th.

The entire Zen 2 product stack is impacted by the vulnerability, including all processors within the AMD Ryzen 3000 / 4000 / 5000 / 7020 series, the Ryzen Pro 3000 / 4000 series, and AMD’s EPYC “Rome” data center processors. AMD has since published its anticipated release timeline for patching out the exploit, with most firmware updates not expected to arrive until later this year.

top 3 comments

sorted by: hot top controversial new old

[-] N7x@infosec.pub 2 points 1 year ago

Write-up: https://lock.cmpxchg8b.com/zenbleed.html

[-] N7x@infosec.pub 2 points 1 year ago

Additional link: https://arstechnica.com/information-technology/2023/07/encryption-breaking-password-leaking-bug-in-many-amd-cpus-could-take-months-to-fix/

[-] nibuch@infosec.pub 1 points 1 year ago

I didn't know much about speculative execution until researching this vuln. It's wild. Execute an instruction and then roll back some flags - what could go wrong?

this post was submitted on 25 Jul 2023

32 points (100.0% liked)

cybersecurity

3077 readers

1 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

founded 1 year ago

MODERATORS

shellsharks@infosec.pub

tweedge@infosec.pub