
Zenbleed Vulnerability Affects All AMD Zen 2 CPUs

TheLostSwede

News Editor
A new vulnerability has been discovered in AMD Zen 2 based CPUs by Tavis Ormandy, a Google Information Security researcher. Ormandy has named the new vulnerability Zenbleed—also known as CVE-2023-20593—and it's said to affect all Zen 2 based AMD processors, which means Ryzen 3000, 4000 and 5000-series CPUs and APUs, as well as EPYC server chips. The reason why Zenbleed is of concern is because it doesn't require a potential attacker to have physical access to the computer or server in question and it's said to be possible to trigger the vulnerability via executing JavaScript on a webpage. This means that the attack vector ends up being massive, at least when we're talking about something like a webhosting company.

Zenbleed is said to allow a potential attacker to gain access to things like encryption keys and user logins via triggering something called "the XMM Register Merge Optimization, followed by a register rename and a mispredicted vzeroupper." Apparently this requires some precision for the vulnerability to work, but due to these registers being used system wide, even a sandboxed attacker can gain access to them. AMD has already issued a patch for its EPYC server CPUs, which obviously are the most vulnerable systems in question and the company is planning to release patches for all of its Zen 2 based CPUs before the end of the year. Hit up the source links for more details about Zenbleed.



 
JavaScript baby! Since last known vulnerability it took some time, right?
 
Ryzen 5000 CPUs like the 5600X/5800X/5800X3D/5900X/5950X are based on the Zen 3 architecture and don't seem to be involved at this moment.
Only the APUs of the 5000 series are involved according to the researcher.

This technique is CVE-2023-20593 and it works on all Zen 2 class processors, which includes at least the following products:
  • AMD Ryzen 3000 Series Processors
  • AMD Ryzen PRO 3000 Series Processors
  • AMD Ryzen Threadripper 3000 Series Processors
  • AMD Ryzen 4000 Series Processors with Radeon Graphics
  • AMD Ryzen PRO 4000 Series Processors
  • AMD Ryzen 5000 Series Processors with Radeon Graphics
  • AMD Ryzen 7020 Series Processors with Radeon Graphics
  • AMD EPYC “Rome” Processors
 
Added APUs to clarify that, but it should've been clear it only affects Zen 2 parts.
 
Which is still a bit over broad since Cezanne and Barcelo are 5000 series APUs with Zen3 - the Zen2 Ryzen 5000 APUs are to my knowledge only Lucienne, so the 5300U, 5500U and 5700U.
 
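Added example (not part of any post in this thread): the question of which Ryzen 5000 parts are Zen 2 can be answered per machine from the CPUID family and model that Linux reports in /proc/cpuinfo, rather than from the marketing name. The model ranges are an assumption (the Family 17h ranges used by the Linux kernel's Zenbleed check, not stated on this page), and the sample text is constructed.

```python
import re

# Assumption, not from the thread: Family 17h (decimal 23) model ranges treated
# as Zen 2, matching the ranges used by the Linux kernel's Zenbleed check.
ZEN2_FAMILY = 0x17
ZEN2_MODELS = [(0x30, 0x4F), (0x60, 0x7F), (0x90, 0x91), (0xA0, 0xAF)]

# Constructed /proc/cpuinfo excerpts (one logical CPU per machine, fields trimmed).
SAMPLE = """\
vendor_id   : AuthenticAMD
cpu family  : 23
model       : 104
model name  : AMD Ryzen 5 5500U with Radeon Graphics

vendor_id   : AuthenticAMD
cpu family  : 25
model       : 80
model name  : AMD Ryzen 7 5700G with Radeon Graphics

vendor_id   : AuthenticAMD
cpu family  : 23
model       : 1
model name  : AMD Ryzen 7 1700 Eight-Core Processor
"""

def parse_cpuinfo(text):
    """Yield (vendor, family, model, name) once per distinct CPU type."""
    seen = set()
    for block in re.split(r"\n\s*\n", text.strip()):
        f = dict((k.strip(), v.strip()) for k, _, v in
                 (line.partition(":") for line in block.splitlines()))
        try:
            cpu = (f["vendor_id"], int(f["cpu family"]), int(f["model"]),
                   f.get("model name", "unknown"))
        except (KeyError, ValueError):
            continue  # non-x86 or malformed block: no family/model to judge
        if cpu not in seen:
            seen.add(cpu)
            yield cpu

def is_zen2(vendor, family, model):
    return (vendor == "AuthenticAMD" and family == ZEN2_FAMILY
            and any(lo <= model <= hi for lo, hi in ZEN2_MODELS))

def report(text):
    """Return [(model name, is Zen 2)] for every CPU type in the text."""
    return [(name, is_zen2(v, fam, mod)) for v, fam, mod, name in parse_cpuinfo(text)]
```

On a Linux host, pass the contents of /proc/cpuinfo to report(); a True result identifies a Zen 2 core, not whether updated microcode is loaded.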
If it was Intel it would have been blown up and we would have seen multiple comment pages here.....
Spectre / Meltdown anyone?...
 
Or maybe people are just aware that this is something that will keep happening now, after Spectre blew up all over the internet?
At least the patches for this shouldn't have any real-world performance reduction for most consumers, if it even needs to be patched for a consumer PC. Not sure if it'll affect things on servers or not.
 

If it can be exploited from JavaScript surely the desktop platforms need it, no?
 
Only if you're running a web server on your desktop PC, since the example was that you access a webhost and run JavaScript on their shared server to gain access to someone else's login details.
 

But there is plenty of cryptographic key material to extract from regular users just surfing the web.
 
And how do you intend to remotely run JavaScript on someone's PC that you don't have access to?

I'm not saying it's impossible, but you'd really need to know a lot to be able to access some random person's PC to steal their credentials for something.
 

I put it in a web page they are looking at?
 
I don't think that's how it works, but I honestly didn't look too much into it. It appears more to be something that has to run on the system in question.
 
Guess it's a good thing I am still on Zen 1. lol.
 
Is 5000 series Zen 3? So either Zen 3 is also affected or the article has a mistake.

As far as I know 5600G and 5700G shouldn't be affected as Zen 3 cores.

When I was making my 21H2 install ISO, on my post install script I added an option for configuring available CPU mitigations.

The amount now is staggering, half of the configurable ones are disabled by default. I will attach the configurations in a code box. When I tried out Confusion mitigation, wow it was literally about a 1/3 of the speed. So yeah I think nowadays these stories are less of a reaction as people have just got used to it and if it has any noticeable performance impact it tends to get disabled either by user or the vendor.


Code:
REM Fragment of a larger post-install script: each label writes one FeatureSettingsOverride value.
REM The :NO label targeted by the GOTOs is not part of the posted fragment.
REM Microsoft's guidance sets FeatureSettingsOverrideMask (REG_DWORD 3) under the same key alongside this value; this fragment does not set it.
REM A restart is required before a changed value takes effect.
:STD
echo "Enabling Spectre, Meltdown, MMIO mitigations (Windows default)"
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f
GOTO NO
:SSB
echo "Enabling Spectre, Meltdown, MMIO, SSB mitigations"
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 8 /f
GOTO NO
:ALL
echo "Enabling Spectre, Meltdown, MMIO, SSB, TSX, MDS, L1TF mitigations"
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 72 /f
GOTO NO
:NOHTT
echo "Enabling Spectre, Meltdown, MMIO, SSB, TSX, MDS, L1TF mitigations and disabling HTT"
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 8264 /f
GOTO NO
:AMD
echo "Enabling Spectre, Meltdown, MMIO, SSB, Branch Confusion mitigations"
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 16777280 /f
 
Ryzen 5000 CPUs like the 5600X/5800X/5800X3D/5900X/5950X are based on the Zen 3 architecture and don't seem to be involved at this moment.
Only the APUs of the 5000 series are involved according to the researcher.

For now, it would be far from the first time a vulnerability that only affects X is quickly discovered to also apply to Y, W, Z and so on.
 
Is 5000 series Zen 3? So either Zen 3 is also affected or the article has a mistake.
No mistake, there are some Zen 2 parts that AMD brands as Ryzen 5000 something, mostly APUs and mobile chips.
 
Article should specify it then, as I definitely interpret it as saying the 5000 series is affected (as a whole). Even just saying APUs is misleading as not all of them are Zen 2. I am reading the OP, not the front page article, so if you edited it, I don't see it in the thread OP. Maybe change this
which means Ryzen 3000, 4000 and 5000-series CPUs and APUs
to
which means Ryzen 3000, 4000 and some of the 5000-series CPUs and APUs
 