New Vulnerability Discovered in AMD Zen 2 CPUs

Tavis Ormandy, a researcher on Google's Information Security team, has recently uncovered a new vulnerability in AMD Zen 2-based CPUs. The vulnerability, known as Zenbleed (CVE-2023-20593), affects all Zen 2-based AMD processors, including Ryzen 3000, 4000, and 5000-series CPUs, as well as EPYC server chips.

What makes Zenbleed particularly concerning is that it does not require physical access to the targeted computer or server. It can be triggered by JavaScript executing on a web page, which widens the attack surface considerably, especially for web hosting companies.

Zenbleed enables potential attackers to gain access to sensitive information such as encryption keys and user logins. This is achieved by exploiting a combination of "the XMM Register Merge Optimization, followed by a register rename and a mispredicted vzeroupper". While the vulnerability requires precision to exploit effectively, the fact that these registers are shared system-wide means that even a sandboxed attacker can read data leaked from other processes through them.

AMD has already released a patch for its EPYC server CPUs, which are the most exposed systems. The company plans to issue patches for all Zen 2-based CPUs by the end of the year. For more information about Zenbleed, please refer to the source links below.