New security vulnerability has been discovered in AMD's Zen 2 architecture-based processors

Message boards : Number crunching : New security vulnerability has been discovered in AMD's Zen 2 architecture-based processors
Message board moderation

To post messages, you must log in.

AuthorMessage
Dr Who Fan
Volunteer tester
Avatar

Send message
Joined: 8 Jan 01
Posts: 3348
Credit: 715,342
RAC: 4
United States
Message 2123135 - Posted: 26 Jul 2023, 2:42:49 UTC

A new security vulnerability has been discovered in AMD's Zen 2 architecture-based processors that could be exploited to extract sensitive data such as encryption keys and passwords.

Discovered by Google Project Zero researcher Tavis Ormandy, the flaw – codenamed Zenbleed and tracked as CVE-2023-20593 (CVSS score: 6.5) – allows data exfiltration at the rate of 30 kb per core, per second.
ID: 2123135 · Report as offensive     Reply Quote
Profile ML1
Volunteer moderator
Volunteer tester

Send message
Joined: 25 Nov 01
Posts: 21253
Credit: 7,508,002
RAC: 20
United Kingdom
Message 2123143 - Posted: 26 Jul 2023, 10:12:08 UTC - in response to Message 2123135.  

Thanks for that!


Further details:

Linux Kernel Mitigated For "Zenbleed" Vulnerability Affecting AMD Zen 2 CPUs
wrote:
It looks like the updated Family 17h microcode this morning isin relation to a new Zen 2 CPU security vulnerability being disclosed. The Linux kernel has also just received a patch for this "Zenbleed" vulnerability for older AMD CPUs...


AMD Zenbleed chip bug leaks secrets fast and easy
wrote:
Zen 2 flaw more simple than Spectre, exploit code already out there – get patching when you can...

AMD has started issuing some patches for its processors affected by a serious silicon-level bug dubbed Zenbleed that can be exploited by rogue users and malware to steal passwords, cryptographic keys, and other secrets from software running on a vulnerable system.

Zenbleed affects Ryzen and Epyc Zen 2 chips, and can be abused to swipe information at a rate of at least 30Kb per core per second. That's practical enough for someone on a shared server, such as a cloud-hosted box, to spy on other tenants...




Keep updated!
Martin
See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)
ID: 2123143 · Report as offensive     Reply Quote

Message boards : Number crunching : New security vulnerability has been discovered in AMD's Zen 2 architecture-based processors


 
©2024 University of California
 
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.