A new security flaw called "Zenbleed" has been discovered in AMD Zen 2 CPUs

A new security flaw called “Zenbleed” has been discovered in AMD Zen 2 CPUs, which could allow hackers to steal sensitive data such as passwords and encryption keys from affected PCs or servers. The vulnerability was discovered by Tavis Ormandy, a vulnerability researcher working for Google’s Project Zero team. AMD has acknowledged the issue and has stated that it will take months to fix the vulnerability.

Patches are expected to be released between now and 2024. It is recommended that users keep their systems up to date with the latest security patches and updates to protect against this vulnerability.

According to AMD, the vulnerability has already been patched on EPYC 7002 series servers thanks to a firmware update released today. In a press release sent to Tom’s Hardware AMD says:

AMD is not aware of any known exploitation of the vulnerability described outside of the search environment.

Cloudflare, which uses AMD CPUs in its servers, says it has found no “evidence that the bug is being exploited” by cybercriminals.

The update for EPYC 7002 series server chips can be downloaded from the link:

Security update for EPYC 7002 chips – download

On the other hand, the CPU maker says it will take longer to fix the problem on other processors. However, the company already warns that the processors will have some negative impact on performance after receiving the fix, but that “any impact on performance will vary depending on the workload and system configuration.”

Below is the list of processors affected by Zenbleed and when they should receive an official fix from AMD:

Ryzen 3000 (desktop): December 2023
Ryzen 4000G (desktop): December 2023
Ryzen 4000 (laptop): November 2023
Ryzen 5700U/5500U/5300U (laptop): December 2023
Ryzen 7020 (laptop): December 2023
Ryzen Threadripper 3000: October 2023
Ryzen Threadripper Pro 3000WX: November/December 2023
EPYC 7002: Update Now Available

As we can see, unfortunately it will be months before the security breach is closed. Until then, the recommendation is to just visit download programs and applications from trusted sources and visit known websites, as hackers can exploit the vulnerability via JavaScript.

Original story (25/07/2023 – 17h49)

AMD processors have bug that can cause leakage of passwords and sensitive data

Contents show

A Google cybersecurity researcher has identified an issue affecting multiple AMD processor models. Tavis Ormandy explained his findings in a blog post, detailing how the breach could cause the leakage of sensitive information in computers powered by Zen 2-based chips.

Known as “Zenbleed” — a portmanteau of the name of the Zen architecture and the term bleed — the security hole can be exploited to steal passwords and cryptographic keys without the need for physical access to the computer, leaving the system vulnerable to remote attacks using only a web page with Javascript.

If the malicious code is executed successfully, the affected processors could transfer data at a rate of 30 kb per second on each CPU core, which is significantly faster to intercept a user’s sensitive data.

Under specific circumstances, a record may not be written correctly as “0” (binary system). This can cause data from a parallel process to be stored in a YMM, floating-point signup accessed by AVX instructions, which would allow an attacker to access sensitive information remotely.

One of the main aggravators of the bug is its secretive nature. Zenbleed does not require special calls or access privileges on the system, so it can work without being noticed by the user. “I am not aware of any reliable techniques to detect exploitation [of this vulnerability],” Ormandy said.

Considering that Zenbleed affects any Zen 2-based processor, the list of threatened platforms is extensive. This architecture is used in several chips of the Ryzen and Threadripper lines of the 3000, 4000, 5000 and 7020 generations. In addition to consumer hardware, several server-facing products are also vulnerable.

AMD is working with several companies in the field, including Google experts, to develop fixes that protect its Zenbleed chips. Security patches are already available for the EPYC line of processors, but are expected to begin rolling out to the Ryzen family in the last quarter of 2023.

How to protect from the Zenbleed vulnerability

To protect themselves from the Zenbleed vulnerability, users can take the following steps:

Update Your System: Keep your system up to date with the latest security patches and updates. This will help to ensure that any vulnerabilities, including Zenbleed, are patched and that your system is protected against potential attacks.
Be Cautious with Downloads: Be cautious when downloading and installing software or files from unknown or untrusted sources. Malicious software can exploit vulnerabilities like Zenbleed to gain access to your system and steal sensitive data.
Use Antivirus Software: Use antivirus software to protect your system against malware and other threats. Antivirus software can help to detect and remove malicious software that may exploit vulnerabilities like Zenbleed.
Limit Access to Sensitive Data: Limit access to sensitive data, such as passwords and encryption keys, to authorized users only. This can help to minimize the impact of a potential attack that exploits vulnerabilities like Zenbleed.
Consider Hardware-Based Security: Consider using hardware-based security solutions, such as Trusted Platform Modules (TPMs), to protect sensitive data. TPMs provide a secure environment for storing and processing sensitive data, making it more difficult for attackers to access this information.