Zenbleed Vulnerability Affects All AMD Zen 2 CPUs

[TheLostSwede]

A new vulnerability has been discovered in AMD Zen 2 based CPUs by Tavis Ormandy, a Google Information Security researcher. Ormandy has named the new vulnerability Zenbleed—also known as CVE-2023-20593—and it's said to affect all Zen 2 based AMD processors, which means Ryzen 3000, 4000 and 5000-series CPUs and APUs, as well as EPYC server chips. The reason why Zenbleed is of concern is because it doesn't require a potential attacker to have physical access to the computer or server in question and it's said to be possible to trigger the vulnerability via executing a javascript on a webpage. This means that the attack vector ends up being massive, at least when we're talking about something like a webhosting company.

Zenbleed is said to allow a potential attacker to gain access to things like encryption keys and user logins via triggering something called "the XMM Register Merge Optimization2, followed by a register rename and a mispredicted vzeroupper." Apparently this requires some precision for the vulnerability to work, but due to these registers being used system wide, even a sandboxed attacker can gain access to them. AMD has already issued a patch for its EPYC server CPUs, which obviously are the most vulnerable systems in question and the company is planning to release patches for all of its Zen 2 based CPUs before the end of the year. Hit up the source links for more details about Zenbleed.



View at TechPowerUp Main Site | Source

 

[ixi]

Javascript baby! Since last known vulnerability it took some time, right?

 

[Blueberries]

...and that's why you run an ad blocker.

 

[VuurVOS]

Ryzen 5000 CPU's like the 5600X/5800X/5800X3D/5900X/5950X is based on Zen 3 architecture and doesnt seems to be involved at this moment.
Only the APU's of the the 5000 series are involved according the researcher.

This technique is CVE-2023-20593 and it works on all Zen 2 class processors, which includes at least the following products:

• AMD Ryzen 3000 Series Processors
• AMD Ryzen PRO 3000 Series Processors
• AMD Ryzen Threadripper 3000 Series Processors
• AMD Ryzen 4000 Series Processors with Radeon Graphics
• AMD Ryzen PRO 4000 Series Processors
• AMD Ryzen 5000 Series Processors with Radeon Graphics
• AMD Ryzen 7020 Series Processors with Radeon Graphics
• AMD EPYC “Rome” Processors

 

[TheLostSwede]

Ryzen 5000 CPU's like the 5600X/5800X/5800X3D/5900X/5950X is based on Zen 3 architecture and doesnt seems to be involved at this moment.
Only the APU's of the the 5000 series are involved according the researcher.

Added APUs to clarify that, but it should've been clear it only affects Zen 2 parts.

 

[aliceif]

Which is still a bit over broad since Cezanne and Barcelo are 5000 series APUs with Zen3 - the Zen2 Ryzen 5000 APUs are to my knowledge only Lucienne, so the 5300U, 5500U and 5700U.

 

[P4-630]

If it was intel it would have been blown up and we would have seen multiple comment pages here.....
Spectre / meltdown anyone?...

 

[TheLostSwede]

If it was intel it would have been blown up and we would have seen multiple comment pages here.....
Spectre / meltdown anyone?...

Or maybe people are just aware that this is something that will keep happening now, after Spectre blew up all over the internet?
At least the patches for this shouldn't have any real world performance reduction for most consumers, if it even needs to be patched for a consumer PC. Not sure if it'll effect things on servers or not.

 

[unwind-protect]

Or maybe people are just aware that this is something that will keep happening now, after Spectre blew up all over the internet?
At least the patches for this shouldn't have any real world performance reduction for most consumers, if it even needs to be patched for a consumer PC. Not sure if it'll effect things on servers or not.

If it can be exploited from Javascript surely the desktop platforms need it, no?

 

[TheLostSwede]

If it can be exploited from Javascript surely the desktop platforms need it, no?

Only if you're running a web server on your desktop PC, since the example was that you access a webhost and run a javascript on their shared server to gain access to someone elses login details.

 

[unwind-protect]

Only if you're running a web server on your desktop PC, since the example was that you access a webhost and run a javascript on their shared server to gain access to someone elses login details.

But there is plenty of cryptographic key material to extract from regular users just surfing the web.

 

[TheLostSwede]

But there is plenty of cryptographic key material to extract from regular users just surfing the web.

And how do you intend to remotely run a javascript on someone's PC that you don't have access to?

I'm not saying it's impossible, but you'd really need to know alot to be able to access some random persons PC to steal their credentials for something.

 

[unwind-protect]

And how do you intend to remotely run a javascript on someone's PC that you don't have access to?

I'm not saying it's impossible, but you'd really need to know alot to be able to access some random persons PC to steal their credentials for something.

I put it in a web page they are looking at?

 

[TheLostSwede]

I put it in a web page they are looking at?

I don't think that's how it works, but I honestly didn't look too much into it. It appears more to be something that has to run on the system in question.

 

[Flyordie]

Guess its a good thing I am still on Zen 1. lol.

 

[chrcoluk]

Is 5000 series Zen 3? So either Zen 3 is also affected or article has mistake.

As far as I know 5600G and 5700G shouldnt be affected as Zen 3 core's.

When I was making my 21H2 install ISO, on my post install script I added an option for configuration available CPU mitigations.

The amount now is staggering, half of the configurable one's are disabled by default. I will attach the configurations in a code box. When I tried out Confusion mitigation, wow it was literally about a 1/3 of the speed. So yeah I think now days these stories are less of a reaction as people have just got used to it and if it has any noticeable performance impact it tends to get disabled either by user or the vendor.

:STD
echo "Enabling Spectre, Meltdown, MMIO mitigations (Windows default)"
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f
GOTO NO
:SSB
echo "Enabling Spectre, Meltdown, MMIO, SSB mitigations"
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 8 /f
GOTO NO
:ALL
echo "Enabling Spectre, Meltdown, MMIO, SSB, TSX, MDS, L1TF mitigations"
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 72 /f
GOTO NO
:NOHTT
echo "Enabling Spectre, Meltdown, MMIO, SSB, TSX, MDS, L1TF mitigations and disabling HTT"
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 8264 /f
GOTO NO
:AMD
echo "Enabling Spectre, Meltdown, MMIO, SSB, Branch Confusion mitigations"
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 16777280 /f

 

[trsttte]

Ryzen 5000 CPU's like the 5600X/5800X/5800X3D/5900X/5950X is based on Zen 3 architecture and doesnt seems to be involved at this moment.
Only the APU's of the the 5000 series are involved according the researcher.

For now, it would be far from the first time a vulnerability that only afects X quickly being discoverd to also apply to Y W Z and so on.

 

[TheLostSwede]

Is 5000 series Zen 3? So either Zen 3 is also affected or article has mistake.

No mistake, there are some Zen 2 parts that AMD brands ad Ryzen 5000 something, mostly APUs and mobile chips.

 

[chrcoluk]

No mistake, there are some Zen 2 parts that AMD brands ad Ryzen 5000 something, mostly APUs and mobile chips.

Article should specify it them, as I defenitly intepret it as saying 5000 series is affected (as a whole). Even just saying APU's is misleading as not all of them are Zen 2. I am reading the OP not the front page article, so if you edited it, I dont see it on the thread OP. Maybe change this

which means Ryzen 3000, 4000 and 5000-series CPUs and APUs

to

which means Ryzen 3000, 4000 and some of the 5000-series CPUs and APUs

 

[trparky]

I'd look at this for confirmation if a CPU is Zen 2 or not.
List of AMD Ryzen processors - Wikipedia