Zenbleed: Critical Flaw Found in AMD Zen2 CPUs That Could Leak Sensitive Data

Jul 25, 2023 | News


Google’s renowned security researcher Tavis Ormandy has uncovered a significant vulnerability called Zenbleed affecting AMD Zen2 CPUs, posing a serious risk of data theft. The flaw, tracked as CVE-2023-20593, allows malicious actors to pilfer sensitive information, including passwords and encryption keys, at an alarming rate of 30KB/sec from each CPU core.

The root cause of this vulnerability lies in the improper handling of the ‘vzeroupper’ instruction during speculative execution, a widely-used performance-enhancing technique employed in modern processors.

Ormandy employed fuzzing and performance counters to identify specific hardware events, validating his findings using the “Oracle Serialization” approach. This method enabled the detection of inconsistencies between the execution of a randomly generated program and its serialized oracle, leading to the discovery of CVE-2023-20593 in Zen2 CPUs.


Zenbleed PoC

With an optimized exploit for the flaw, the researcher successfully demonstrated how sensitive data from various system operations, including those within virtual machines, isolated sandboxes, and containers, could be leaked.

“I found a variant that can leak about 30 kb per core, per second. This is fast enough to monitor encryption keys and passwords as users login!” elaborated Ormandy in a technical write-up.

After notifying AMD about the flaw on May 15, 2023, the researcher has now published a proof-of-concept (PoC) exploit for CVE-2023-20593, impacting all operating systems running on Zen 2 CPUs.

The vulnerability affects numerous AMD CPUs built on the Zen 2 architecture, including Ryzen 3000 (“Matisse”), Ryzen 4000U/H (“Renoir”), Ryzen 5000U (“Lucienne”), Ryzen 7020, and high-end ThreadRipper 3000 and Epyc server (“Rome”) processors.

AMD has released updated microcode to address the issue, and users are strongly advised to apply the fix or await BIOS upgrades from their computer vendors.

Ormandy suggests an alternative mitigation for systems that cannot yet take the microcode: setting the “chicken bit” DE_CFG[9], though this may lead to a drop in CPU performance.
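As an added illustration of the chicken-bit mitigation above (not code from the article or from Ormandy's write-up): a POSIX shell helper that decides whether a Linux host is a Zen 2 part and whether DE_CFG bit 9 is already set. It assumes DE_CFG is MSR 0xC0011029, that msr-tools (rdmsr/wrmsr) and the msr kernel module are available, and takes the Zen 2 model ranges from the Linux kernel's Zenbleed mitigation.

```shell
#!/bin/sh
# Hypothetical Zenbleed mitigation checker (added example, not from the article).
# Assumptions: AMD DE_CFG is MSR 0xC0011029; msr-tools and the msr module are
# installed; Zen 2 = family 23 with models 0x30-0x3f, 0x60-0x6f, 0x70-0x7f, 0xa0-0xaf.
DE_CFG_MSR=0xc0011029
CHICKEN_BIT=9

# Read /proc/cpuinfo text on stdin and print "family model" (decimal).
cpuinfo_family_model() {
  awk -F':' '/^cpu family/            { gsub(/[ \t]/, "", $2); f = $2 }
             /^model[[:space:]]*:/    { gsub(/[ \t]/, "", $2); m = $2 }
             END                      { print f, m }'
}

# Return 0 when the decimal family/model pair is a Zen 2 part.
is_zen2() {
  [ "$1" -eq 23 ] || return 1
  m=$2
  { [ "$m" -ge 48 ] && [ "$m" -le 63 ]; }  || \
  { [ "$m" -ge 96 ] && [ "$m" -le 127 ]; } || \
  { [ "$m" -ge 160 ] && [ "$m" -le 175 ]; }
}

# Return 0 when DE_CFG[9] is set in the given MSR value (hex or decimal).
de_cfg_mitigated() { [ $(( ($1 >> CHICKEN_BIT) & 1 )) -eq 1 ]; }

# Print the MSR value with the chicken bit set, leaving the other bits untouched.
mitigated_de_cfg() { printf '0x%x\n' $(( $1 | (1 << CHICKEN_BIT) )); }

# Live check of this host (needs root, the msr module and msr-tools).
zenbleed_check_host() {
  set -- $(cpuinfo_family_model < /proc/cpuinfo)
  if ! is_zen2 "$1" "$2"; then
    echo "not a Zen 2 CPU (family $1, model $2); Zenbleed does not apply"; return 0
  fi
  cur=$(rdmsr -c -p 0 "$DE_CFG_MSR")        # -c prints a 0x-prefixed value, -p picks core 0
  if de_cfg_mitigated "$cur"; then
    echo "DE_CFG[9] already set on core 0 (DE_CFG=$cur)"
  else
    echo "Zen 2 with DE_CFG[9] clear: update microcode, or as a stopgap run:"
    echo "  wrmsr -a $DE_CFG_MSR $(mitigated_de_cfg "$cur")"   # -a writes every core
  fi
}
```

Run `zenbleed_check_host` as root; the helper functions can be exercised on constructed input without MSR access.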

Detection of exploitation is challenging, as the improper usage of ‘vzeroupper’ does not require elevated privileges or special system calls, making the Zenbleed exploit stealthy and potentially hard to trace.

For regular users, the practical impact of Zenbleed is relatively low, as exploiting it requires local access to the target system and a high level of expertise. Nonetheless, maintaining up-to-date systems with the latest security patches and BIOS updates is crucial to mitigate potential risks.


Source: bleepingcomputer.com
