The 'Zenbleed' vulnerability spans the entire Zen 2 product stack, including AMD's EPYC data center processors and the Ryzen 3000/4000/5000 CPUs, allowing the theft of protected information from the CPU, such as encryption keys and user logins. The attack does not require physical access to the computer or server and can even be executed via JavaScript on a webpage.
The Zenbleed vulnerability is filed as CVE-2023-20593 and allows data exfiltration (theft) at a rate of 30kb per core, per second, enough throughput to steal sensitive information flowing through the processor. This attack works across all software running on the processor, including virtual machines, sandboxes, containers, and processes. The attack's ability to read data across virtual machines is particularly threatening for cloud service providers and those who use cloud instances.
Explanation from the researcher:
"The bug works like this: first of all you need to trigger something called the XMM Register Merge Optimization, followed by a register rename and a mispredicted vzeroupper. This all has to happen within a precise window to work.
We now know that basic operations like strlen, memcpy and strcmp will use the vector registers - so we can effectively spy on those operations happening anywhere on the system! It doesn’t matter if they’re happening in other virtual machines, sandboxes, containers, processes, whatever!
This works because the register file is shared by everything on the same physical core. In fact, two hyperthreads even share the same physical register file," says Ormandy.
How are cloud providers going to deal with this? Will there be a fire sale of used Zen2's?
Server processors have already been patched. https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html#mitigation Luckily it's unlikely to affect individual users (too much) as this seems to be a decently technical exploit.
No, this affects users as well. It's triggerable from arbitrary JavaScript. There will be demos up within a week. The only saving grace is that this only affects a single generation rather than literally the whole product stack a la Meltdown.
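For anyone who wants to check their own Linux boxes against the mitigation bulletin above, here is a small triage script. It is an added example written for this thread, not code from the researcher, AMD or any distribution. It parses /proc/cpuinfo to decide whether each logical CPU is a Zen 2 part (family 0x17 with the Zen 2 model ranges; those ranges are my assumption from public CPUID tables, so confirm the exact parts against AMD's bulletin) and, when run as root with the msr module loaded, reads the DE_CFG MSR (0xc0011029) to report whether the bit 9 software workaround documented in the Zenbleed advisory is set. The embedded cpuinfo text is constructed sample data so the functions can be exercised on any machine; whether the microcode revision shown is new enough is something you still check against the bulletin, since the script deliberately carries no revision table.

```python
"""Zen 2 / Zenbleed exposure triage helper for Linux (added example, not from the page's authors)."""
import re
import struct

# Assumption: family 0x17 model ranges that contain Zen 2 cores, taken from
# public CPUID documentation. Verify the exact affected parts against AMD's bulletin.
ZEN2_FAMILY = 0x17
ZEN2_MODEL_RANGES = ((0x30, 0x3F), (0x60, 0x6F), (0x70, 0x7F), (0xA0, 0xAF))

# DE_CFG MSR and the workaround ("chicken") bit described in the Zenbleed advisory
# as the fallback when fixed microcode is not yet installed.
MSR_DE_CFG = 0xC0011029
DE_CFG_ZENBLEED_FIX_BIT = 9


def parse_cpuinfo(text):
    """Return one dict (vendor, family, model, microcode) per processor block."""
    cpus = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            if ":" not in line:
                continue
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
        if "vendor_id" not in fields:
            continue
        cpus.append({
            "vendor": fields["vendor_id"],
            "family": int(fields.get("cpu family", "0")),
            "model": int(fields.get("model", "0")),
            "microcode": int(fields.get("microcode", "0x0"), 16),
        })
    return cpus


def is_zen2(cpu):
    """True when the CPU is an AMD family 0x17 part inside one of the Zen 2 model ranges."""
    if cpu["vendor"] != "AuthenticAMD" or cpu["family"] != ZEN2_FAMILY:
        return False
    return any(lo <= cpu["model"] <= hi for lo, hi in ZEN2_MODEL_RANGES)


def workaround_bit_set(de_cfg_value):
    """True when DE_CFG bit 9 (the advisory's software workaround) is set."""
    return bool((de_cfg_value >> DE_CFG_ZENBLEED_FIX_BIT) & 1)


def read_msr(cpu_index, msr):
    """Read a 64-bit MSR through /dev/cpu/N/msr (needs root and `modprobe msr`)."""
    with open(f"/dev/cpu/{cpu_index}/msr", "rb", buffering=0) as f:
        f.seek(msr)
        return struct.unpack("<Q", f.read(8))[0]


def triage(cpuinfo_text, msr_reader=None):
    """Per-CPU summary. msr_reader(index) returns the DE_CFG value, or None if unreadable."""
    report = []
    for idx, cpu in enumerate(parse_cpuinfo(cpuinfo_text)):
        entry = {"cpu": idx, "zen2": is_zen2(cpu),
                 "microcode": cpu["microcode"], "workaround": None}
        if entry["zen2"] and msr_reader is not None:
            value = msr_reader(idx)
            entry["workaround"] = None if value is None else workaround_bit_set(value)
        report.append(entry)
    return report


# Constructed sample: two logical CPUs of a Ryzen 3000 (Matisse, model 0x71) with a
# made-up pre-fix microcode revision. Not captured from a real machine.
SAMPLE_CPUINFO = """\
processor\t: 0
vendor_id\t: AuthenticAMD
cpu family\t: 23
model\t\t: 113
model name\t: AMD Ryzen 9 3900X 12-Core Processor
microcode\t: 0x8701021
flags\t\t: fpu vme avx avx2

processor\t: 1
vendor_id\t: AuthenticAMD
cpu family\t: 23
model\t\t: 113
model name\t: AMD Ryzen 9 3900X 12-Core Processor
microcode\t: 0x8701021
"""

if __name__ == "__main__":
    def live_reader(idx):
        try:
            return read_msr(idx, MSR_DE_CFG)
        except OSError:  # not root, msr module missing, or no such device
            return None

    try:
        with open("/proc/cpuinfo") as f:
            text = f.read()
    except OSError:
        text = SAMPLE_CPUINFO
    for entry in triage(text, live_reader):
        print(entry)
```

A `workaround` of `None` means the MSR could not be read, not that the bit is clear; on a patched Zen 2 host the real fix is the microcode revision, so treat the bit only as the interim signal the advisory describes and compare the printed `microcode` value with the bulletin.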
WTAF