It turns out that there is a vulnerability 'Zenbleed' that steals data in AMD CPU, data can be stolen regardless of virtual machines and containers
It has become clear that there is a vulnerability `` Zenbleed (CVE-2023-20593) ' ' that allows attackers to read data in AMD CPUs. The affected CPU is a model that uses the 'Zen2 architecture', and an attacker can obtain 30 kb of data per second per core.
Zenbleed
https://lock.cmpxchg8b.com/zenbleed.html
CVE-CVE-2023-20593
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20593
Cross-Process Information Leak
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html
Zenbleed was discovered by Google security researcher Tavis Ormandy . According to Ormandy, AMD's Zen2 architecture CPU has a vulnerability that prevents data from being written correctly, and an attacker can exploit the vulnerability to steal 30kb of data per second per core. Mr. Ormandy has also created Zenbleed's proof-of-concept code and has released how it actually reads data from the CPU.
First big result from our new CPU research project, a use-after-free in AMD Zen2 processors! ???? AMD have just released updated microcode for affected systems, please update! https://t.co/NVPWFpVopz pic.twitter.com/HgKwu9w8Av
— Tavis Ormandy (@taviso) July 24, 2023
Ormandy points out that the speed of '30 kb per second per core' is fast enough to steal user IDs and passwords. In addition, Zenbleed affects regardless of OS, and protection by virtual machines, sandboxes, and containers makes no sense.
At the time of writing, AMD evaluates Zenbleed's severity as 'Medium'. AMD also released microcode for modification for the second generation AMD EPYC (Rome). In addition, we plan to release modified firmware for consumer CPUs according to the following schedule.
| platform | series | firmware | Target release date |
|---|---|---|---|
| desktop | Ryzen 3000 | ComboAM4v2PI_1.2.0.C | December 2023 |
| desktop | Ryzen 3000 | ComboAM4PI_1.0.0.C | December 2023 |
| desktop | Ryzen 4000 | ComboAM4v2PI_1.2.0.C | December 2023 |
| desktop | Threadripper PRO 3000 | CastlePeakPI-SP3r3 1.0.0.A | October 2023 |
| desktop | Threadripper PRO 3000WX | CastlePeakWSPI-sWRX8 1.0.0.C | November 2023 |
| desktop | Threadripper PRO 3000WX | Chagall WSPI-sWRX8 1.0.0.7 | December 2023 |
| mobile | Ryzen 4000 | RenoirPI-FP6_1.0.0.D | November 2023 |
| mobile | Ryzen 5000 | CezannePI-FP6_1.0.1.0 | December 2023 |
| mobile | Ryzen 7020 | MendocinoPI-FT6_1.0.0.6 | December 2023 |
Details of Zenbleed and proof-of-concept code are available at the following link.
security-research/pocs/cpus/zenbleed at master google/security-research GitHub
https://github.com/google/security-research/tree/master/pocs/cpus/zenbleed
Related Posts:
