A new security vulnerability has been discovered in AMD's Zen 2 architecture-based processors that could be exploited to extract sensitive data such as encryption keys and passwords.

Discovered by Google Project Zero researcher Tavis Ormandy, the flaw – codenamed Zenbleed and tracked as CVE-2023-20593 (CVSS score: 6.5) – allows data exfiltration at the rate of 30 kb per core, per second.

Thanks for that!


Further details:

Linux Kernel Mitigated For "Zenbleed" Vulnerability Affecting AMD Zen 2 CPUs
wrote:

It looks like the updated Family 17h microcode this morning isin relation to a new Zen 2 CPU security vulnerability being disclosed. The Linux kernel has also just received a patch for this "Zenbleed" vulnerability for older AMD CPUs...

AMD Zenbleed chip bug leaks secrets fast and easy
wrote:

Zen 2 flaw more simple than Spectre, exploit code already out there – get patching when you can...

AMD has started issuing some patches for its processors affected by a serious silicon-level bug dubbed Zenbleed that can be exploited by rogue users and malware to steal passwords, cryptographic keys, and other secrets from software running on a vulnerable system.

Zenbleed affects Ryzen and Epyc Zen 2 chips, and can be abused to swipe information at a rate of at least 30Kb per core per second. That's practical enough for someone on a shared server, such as a cloud-hosted box, to spy on other tenants...

Keep updated!
Martin

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)