AMD recently addressed a critical vulnerability affecting its Zen2 CPUs. Named “Zenbleed,” the researcher who discovered the vulnerability devised an attack strategy that leaks sensitive data from AMD Zen2 processors. Following this discovery, the tech giant patched the vulnerability with a microcode update released for the affected systems.
About Zenbleed Attack
The researcher Tavis Ormandy of Google Project Zero recently shared insights about a severe security flaw threatening AMD processors.
Specifically, he discovered a side channel vulnerability affecting AMD Zen2 CPUs that allows an adversary explicit access to sensitive data. The researcher then demonstrated the exploit via Zenbleed – a dedicated attack strategy targeting this AMD Zen2 vulnerability.
As explained, the vulnerability, CVE-2023-20593, exists due to improper handling of vzeroupper instructions during speculative execution by the processor. Consequently, an attacker may exploit the vulnerability to access sensitive data from the CPU.
Summarizing the steps in the Zenbleed attack, the researcher stated that an attacker first needs to trigger XMM Register (the 128-bit vector registers in standard x86-64 CPUs) Merge Optimization. Then, performing register renaming followed by a mispredicted vzeroupper within a specific time window will let the adversary execute the attack. As described, an adversary may even “spy” on basic operations like strlen, memcpy and strcmp that use the vector registers, even if these operations happen on virtual machines or sandboxes.
The researcher has shared a detailed technical analysis of the flaw and the Zenbleed attack in a separate write-up.
AMD Released A Microcode Fix
Ormandy explained that detecting vulnerability exploits is difficult since it requires no specific system calls or privileges. However, achieving real-world exploits is somewhat tricky since it requires an attacker to bear strong technical knowledge and physical access to the target system to exploit the flaw.
Following Ormandy’s report, AMD released a microcode patch for the following vulnerable Zen2 processors.
- AMD Ryzen 3000 Series Processors
- AMD Ryzen PRO 3000 Series Processors
- AMD Ryzen Threadripper 3000 Series Processors
- AMD Ryzen 4000 Series Processors with Radeon Graphics
- AMD Ryzen PRO 4000 Series Processors
- AMD Ryzen 5000 Series Processors with Radeon Graphics
- AMD Ryzen 7020 Series Processors with Radeon Graphics
- AMD EPYC “Rome” Processors
Hence, all users must update their systems with the latest BIOS/firmware releases to receive the patch.
Let us know your thoughts in the comments.