• Home
  • Internet
  • Huge ‘Zenbleed’ vulnerability in AMD Ryzen processors: Sensitive information is completely vulnerable!

Huge ‘Zenbleed’ vulnerability in AMD Ryzen processors: Sensitive information is completely vulnerable!

A new vulnerability has been discovered affecting AMD's Zen 2 processor lineup, which includes popular processors such as the budget-friendly Ryzen 5 3600, that could be exploited to steal sensitive data such as passwords and encryption keys. Google security...
 Huge ‘Zenbleed’ vulnerability in AMD Ryzen processors: Sensitive information is completely vulnerable!
READING NOW Huge ‘Zenbleed’ vulnerability in AMD Ryzen processors: Sensitive information is completely vulnerable!
A new vulnerability has been discovered affecting AMD’s Zen 2 processor lineup, which includes popular processors such as the budget-friendly Ryzen 5 3600, that could be exploited to steal sensitive data such as passwords and encryption keys. Google security researcher Tavis Ormandy first reported this vulnerability, designated “Zenbleed” (CVE-2023-20593) to AMD on May 15 and detailed it on his blog a while ago.

All processors with Zen 2 architecture are affected

The entire Zen 2 product line is affected, including all processors in the AMD Ryzen 3000/4000/5000/7020 series, the Ryzen Pro 3000/4000 series, and AMD’s EPYC “Rome” data center processors. AMD has released the projected release timeline for closure, and most firmware updates are not expected until later this year.

According to Cloudflare, the Zenbleed vulnerability does not require physical access to a user’s computer to attack and can even be run remotely via Javascript on a web page. If executed successfully, the open allows data to be transferred at 30 kbps per core per second. This speed is fast enough to steal sensitive data from any software. The ability of this attack to read data from virtual machines poses a threat, especially to cloud service providers and those using cloud applications.

undetectable

Worse still, Zenbleed is a direct architectural vulnerability so it cannot be avoided by any security software because it does not require any special system calls or privileges to obtain the data. In this respect, it is similar to the Specter and Meltdown exploits we have seen in previous years. Considering that it is easier to exploit the vulnerability, we can say that Zenbleed is more like Meltdown.

AMD has already released a microcode patch for the second generation EPYC 7002 series processors, but the next updates for the remaining CPU series are not expected until October 2023 at the earliest. The company has not disclosed whether these updates will affect system performance, but a statement AMD gave to TomsHardware suggests this is a possibility: “Any performance impacts will vary depending on workload and system configuration.”

Follow AMD’s microcode updates!

Both Ormandy, who discovered the vulnerability, and experts strongly recommend that AMD implement the microcode update. Ormandy states that some temporary software measures can be taken before the updates come, but he underlines that this temporary approach will cause performance loss. In the table below, you can see the processors affected by the Zenbleed vulnerability, the upcoming Agesa version and the patch date.

AMD processors affected by the ‘Zenbleed’ vulnerability

Processor model New Agesa Firmware Release Patch Date
Ryzen 3 3100

ComboAM4v2PI_1.2.0.C

ComboAM4PI_1.0.0.C

December 2023
Ryzen 3 3300X

ComboAM4v2PI_1.2.0.C

ComboAM4PI_1.0.0.C

December 2023
Ryzen 3 4100 ComboAM4v2PI_1.2.0.C December 2023
Ryzen 3 4300G ComboAM4v2PI_1.2.0.C December 2023
Ryzen 3 4300GE ComboAM4v2PI_1.2.0.C December 2023
Ryzen 4700S ComboAM4v2PI_1.2.0.C December 2023
Ryzen 5 3500

ComboAM4v2PI_1.2.0.C

ComboAM4PI_1.0.0.C

December 2023
Ryzen 5 3500X

ComboAM4v2PI_1.2.0.C

ComboAM4PI_1.0.0.C

December 2023
Ryzen 5 3600

ComboAM4v2PI_1.2.0.C

ComboAM4PI_1.0.0.C

December 2023
Ryzen 5 3600X

ComboAM4v2PI_1.2.0.C

ComboAM4PI_1.0.0.C

December 2023
Ryzen 5 3600XT

ComboAM4v2PI_1.2.0.C

ComboAM4PI_1.0.0.C

December 2023
Ryzen 5 4500 ComboAM4v2PI_1.2.0.C December 2023
Ryzen 5 4600G ComboAM4v2PI_1.2.0.C December 2023
Ryzen 5 4600GE ComboAM4v2PI_1.2.0.C December 2023
Ryzen 7 3700X

ComboAM4v2PI_1.2.0.C

ComboAM4PI_1.0.0.C

December 2023
Ryzen 7 3800X

ComboAM4v2PI_1.2.0.C

ComboAM4PI_1.0.0.C

December 2023
Ryzen 7 3800XT

ComboAM4v2PI_1.2.0.C

ComboAM4PI_1.0.0.C

December 2023
Ryzen 7 4700G ComboAM4v2PI_1.2.0.C December 2023
Ryzen 7 4700GE ComboAM4v2PI_1.2.0.C December 2023
Ryzen 9 3900

ComboAM4v2PI_1.2.0.C

ComboAM4PI_1.0.0.C

December 2023
Ryzen 9 3900X

ComboAM4v2PI_1.2.0.C

ComboAM4PI_1.0.0.C

December 2023
Ryzen 9 3900XT

ComboAM4v2PI_1.2.0.C

ComboAM4PI_1.0.0.C

December 2023
Ryzen 9 3950X

ComboAM4v2PI_1.2.0.C

ComboAM4PI_1.0.0.C

December 2023
Ryzen Threadripper 3960X

CastlePeakWSPI-sWRX8 1.0.0.C

ChagallWSPI-sWRX8 1.0.0.9

November/December 2023
Ryzen Threadripper 3970X

CastlePeakWSPI-sWRX8 1.0.0.C

ChagallWSPI-sWRX8 1.0.0.8

November/December 2023
Ryzen Threadripper 3990X

CastlePeakWSPI-sWRX8 1.0.0.C

ChagallWSPI-sWRX8 1.0.0.7

November/December 2023
Ryzen Threadripper Pro 3945WX

CastlePeakWSPI-sWRX8 1.0.0.C

ChagallWSPI-sWRX8 1.0.0.13

November/December 2023
Ryzen Threadripper Pro 3955WX

CastlePeakWSPI-sWRX8 1.0.0.C

ChagallWSPI-sWRX8 1.0.0.12

November/December 2023
Ryzen Threadripper Pro 3975WX

CastlePeakWSPI-sWRX8 1.0.0.C

ChagallWSPI-sWRX8 1.0.0.10

November/December 2023
Ryzen Threadripper Pro 3995WX

CastlePeakWSPI-sWRX8 1.0.0.C

ChagallWSPI-sWRX8 1.0.0.11

November/December 2023
Ryzen 3 4300U RenoirPI-FP6_1.0.0.D November 2023
Ryzen 3 5300U CezannePI-FP6_1.0.1.0 December 2023
Ryzen 3 7320U MendocinoPI-FT6_1.0.0.6 December 2023
Ryzen 5 4500U RenoirPI-FP6_1.0.0.D November 2023
Ryzen 5 4600H RenoirPI-FP6_1.0.0.D November 2023
Ryzen 5 4600HS RenoirPI-FP6_1.0.0.D November 2023
Ryzen 5 4600U RenoirPI-FP6_1.0.0.D November 2023
Ryzen 5 4680U RenoirPI-FP6_1.0.0.D November 2023
Ryzen 5 5500U CezannePI-FP6_1.0.1.0 December 2023
Ryzen 5 7520U MendocinoPI-FT6_1.0.0.6 December 2023
Ryzen 7 4700U RenoirPI-FP6_1.0.0.D November 2023
Ryzen 7 4800U RenoirPI-FP6_1.0.0.D November 2023
Ryzen 7 4980U RenoirPI-FP6_1.0.0.D November 2023
Ryzen 7 5700U CezannePI-FP6_1.0.1.0 December 2023
Ryzen 9 4900H RenoirPI-FP6_1.0.0.D November 2023
Ryzen 9 4800H RenoirPI-FP6_1.0.0.D November 2023
Ryzen 9 4800HS RenoirPI-FP6_1.0.0.D November 2023
Ryzen 9 4900HS RenoirPI-FP6_1.0.0.D November 2023

Comments
Leave a Comment

Details
208 read
okunma24732
0 comments