New vulnerability in AMD processors puts millions of computers at risk28. July 2023
New vulnerability in AMD processors puts millions of computers at risk
San Francisco, 7/27/2023
A new vulnerability called “Zenbleed” should allow attackers to steal passwords, credit card information and other data. Computers with an AMD Ryzen Zen 2 CPU are affected. Millions of users are potentially at risk.
Google security researcher Tavis Ormandy has discovered a vulnerability called “Zenbleed” in AMD Ryzen processors. All processors with Zen 2 microarchitecture are affected – i.e. the AMD series Ryzen 3000, 4000, 5000, 7200 as well as Ryzen Pro 3000, 4000 and the Epyc Rome used in data centers. Ormandy reported the vulnerability to AMD on May 15 and has recently explained it on his blog.
The security researcher makes it clear how dangerous “Zenbleed” is. The attack is carried out via an exploit without requiring physical access to the computer. Improper handling that increases CPU performance is exploited. If the attack was successful, data can be stolen from memory, which then disappears at a rate of 30 kilobytes per CPU core and second.
AMD, meanwhile, has acted. A microcode patch has been released and distributed to mainboard manufacturers.
Because not everyone will be able to apply the microcode update directly, Ormandy recommends a workaround in his blog: “You can set the chicken bit DE_CFG”. This measure disables the affected CPU feature. However, less power is then to be expected.