Zenbleed shouldn’t be left exposed for long, so you best keep an eye out for an upcoming AGESA fix for affected chips.
A security vulnerability has been uncovered in AMD processors built with the Zen 2 architecture. Spotted by a Google researcher, the so-called ‘Zenbleed’ vulnerability opens the door to a potential attacker and threatens the possibility of exposing sensitive information. Don’t worry, there is a fix, but us gamers will have to wait around a little longer than our server-side pals to get hold of it.
Zenbleed affects all Zen 2 processors, which includes Ryzen 3000/4000, Threadripper 3000, Ryzen 4000/5000/7020 mobile, and Epyc Rome generations.
The vulnerability, as described by AMD in a security bulletin, occurs « Under specific microarchitectural circumstances, a register in ‘Zen 2’ CPUs may not be written to 0 correctly. This may cause data from another process and/or thread to be stored in the YMM register, which may allow an attacker to potentially access sensitive information. »
The vulnerability is listed as « Medium » severity by AMD, however, its CVE (CVE-2023-20593) is not currently rated.
The vulnerabilities’ discoverer, Tavis Ormandy, goes into greater detail on how the exploit works in their blog post. They believe the reason they discovered the bug, as opposed to AMD in post-silicon validation, is because they don’t come from an electrical engineering background, oddly enough.
