Researchers from Google security has discovered a new security vulnerability affecting AMD Zen 2 processors that can be exploited to steal passwords and other sensitive data such as encryption keys.
The vulnerability dubbed as Zenbleed, which has been tracked as CVE-2023-20593 and has a severity of medium. It affects all Zen 2 processors, which include Ryzen 3000/4000, Threadripper 3000, Ryzen 4000/5000/7020 mobile and Eypc Rome.
The vulnerability occurs only under specific microarchitectural circumstances and what happens is that a register in the CPU may not be written as “0” correctly. This causes data from another process and threads to be stored in an open “vector register,” allowing an attacker to access it. Since the exploit was detected rapidly and there was no use in the wild.
The vulnerability bypasses the usual routes that an operating system uses to segregate memory from being read between processes. As a result, anything can be read from anywhere and the exploit would go completely undetected while happening.
Alike Spectre and Meltdown, many additional vulnerabilities and attacks have been discovered by researchers investigating very specialized areas of code and hardware impacting CPUs.
Zenbleed is different from other discoveries in the way that it is not a timing or side channel attack. Instead, contents from registers can be read directly. The data can be read as quickly as it’s processed, and this could allow an attacker to access sensitive data such as passwords and cryptographic keys. This makes this vulnerability quite dangerous, especially in cloud or shared environments.
AMD is already rolling out patches for Zenbleed, beginning with affected Epyc chips, which are server-side processors. Threadripper chips will see patches appear around October and December, mobile Ryzen processors are expected to have patches around November, and desktops will be patched around December.