"AMD 'Zenbleed' Bug Allows Data Theft From Zen 2 Ryzen 3000, EPYC CPUs: Patches Coming"
Tavis Ormandy, a Google Information Security researcher, has posted information about a new vulnerability he discovered independently in AMD's Zen 2 processors. The 'Zenbleed' vulnerability affects the entire Zen 2 product stack, including AMD's EPYC data center processors and Ryzen 3000 CPUs, and enables the theft of sensitive information, such as encryption keys and user logins, from the CPU. According to Ormandy, the attack does not require physical access to the computer or server, and it can even be executed via JavaScript on a webpage. The Zenbleed vulnerability, tracked as CVE-2023-20593, allows data exfiltration at a rate of 30kb per core, per second, which is fast enough to capture sensitive information as it flows through the processor. The attack is effective against all software running on the processor, including Virtual Machines (VMs), sandboxes, containers, and processes. Its ability to read data across VMs poses a significant threat to cloud service providers and cloud instance users. This article continues to discuss the Zenbleed vulnerability.