AMD ‘Zenbleed’ Bug Allows Data Theft From Zen 2 Ryzen 3000, EPYC CPUs: Most Patches Coming Q4 (Updated)

July 24, 2023 at 1:30 PM PT Update: AMD responded with important details and published security advisories with expected dates for new firmware, many of which won’t be released until the end of the year. I’ve added that information to the original article below.
The original article was published on July 24, 2023 at 8:45 AM PT.
Google Information Security researcher Tavis Ormandy posted today about a new vulnerability he independently discovered in AMD’s Zen 2 processors. Dubbed ‘Zenbleed’, the vulnerability spans the entire Zen 2 product stack, including AMD’s EPYC datacenter processors and Ryzen 3000/4000/5000 CPUs, and can be used to steal protected information such as cryptographic keys and user logins from the CPU. The attack does not require physical access to the computer or server, and can also be carried out via JavaScript on a web page.
AMD did not have an advisory available at the time of this article’s publication, but the company published the AMD-SB-7008 bulletin several hours later. AMD is preparing a patch for its EPYC 7002 ‘Rome’ processors now, but won’t be patching the consumer Zen 2 Ryzen 3000, 4000 and some 5000 series chips until November and December of this year. AMD’s processors in the PS5, Xbox Series X and S, and Steam Deck are also Zen 2 chips, but it’s unclear whether they’re affected; we are following up for details. We’ve added more information about the mitigation schedule below.
AMD did not provide specific details about the performance impact, but released the following statement to Tom’s Hardware: “Performance impact will vary depending on workload and system configuration. AMD is not aware of any known exploitation of the described vulnerability outside of a research environment.”
AMD’s statement suggests that the patch will carry some performance impact, but independent benchmarking will be needed once the patch arrives for consumer Ryzen products. In the meantime, we have asked AMD whether it can share approximate figures.
Zenbleed is tracked as CVE-2023-20593. It can exfiltrate (steal) data at a rate of 30kb per second per core, which is enough throughput to capture sensitive information as it flows through the processor. The attack works against all software running on the processor, including virtual machines, sandboxes, containers and processes. Its ability to read data across virtual machines is a particular threat to cloud service providers and users of cloud instances.
The attack can be carried out by arbitrary unprivileged code. Ormandy has posted a security research repository and exploit code. The attack works by manipulating the register file to force a mispredicted instruction, as he describes below.
“This bug works like this. First you have to trigger something called the XMM Register Merge Optimization. Then you have vzeroupper for register renaming and incorrect predictions. All this has to work within an exact window.
Now that we know that basic operations like strlen, memcpy, and strcmp use vector registers, we can effectively monitor these operations happening anywhere on the system. It doesn’t matter if it’s happening in other virtual machines, sandboxes, containers, processes, etc.
This works because the register file is shared by everything on the same physical core. In fact, two hyperthreads share the same physical register file,” Ormandy says.
AMD describes the exploit more simply: “Under certain microarchitectural circumstances, ‘Zen 2’ CPU registers may not be properly written to 0. This may allow data from another process or thread to be stored in the YMM registers, potentially allowing an attacker to access sensitive information.”
Ormandy said the bug can be mitigated in software on multiple operating systems (such as Windows) by setting a ‘chicken bit’, DE_CFG[9]. He strongly recommends obtaining the microcode update, but his post also provides examples of software mitigations for other operating systems.
Below is the schedule for release of the fixed AGESA versions to OEMs, followed by the list of affected processors.

| Processor | AGESA firmware | Supply to OEM | Microcode |
|---|---|---|---|
| 2nd Gen AMD EPYC “Rome” processors | RomePI 1.0.0.H | Now | 0x0830107A |
| Ryzen 3000 Series “Matisse” | ComboAM4v2PI_1.2.0.C / ComboAM4PI_1.0.0.C | Both targeted for December 2023 | ? |
| Ryzen 4000 Series “Renoir” AM4 | ComboAM4v2PI_1.2.0.C | Target December 2023 | ? |
| Threadripper 3000 Series “Castle Peak” | CastlePeakPI-SP3r3 1.0.0.A | Target October 2023 | ? |
| Threadripper PRO 3000WX Series “Castle Peak” | CastlePeakWSPI-sWRX8 1.0.0.C / ChagallWSPI-sWRX8 1.0.0.7 | Target November 2023 / Target December 2023 | ? |
| Ryzen 5000 Series Mobile “Lucienne” | CezannePI-FP6_1.0.1.0 | Target December 2023 | ? |
| Ryzen 4000 Series Mobile “Renoir” | RenoirPI-FP6_1.0.0.D | Target November 2023 | ? |
| Ryzen 7020 Series “Mendocino” | MendocinoPI-FT6_1.0.0.6 | Target December 2023 | ? |

Affected processors:
- AMD Ryzen 3000 series processor
- AMD Ryzen PRO 3000 Series Processor
- AMD Ryzen Threadripper 3000 Series Processors
- AMD Ryzen 4000 Series Processor with Radeon Graphics
- AMD Ryzen PRO 4000 Series Processor
- AMD Ryzen 5000 Series Processor with Radeon Graphics
- AMD Ryzen 7020 Series Processor with Radeon Graphics
- AMD EPYC “Rome” Processor
AMD’s AGESA is the code base on which OEMs build their BIOS revisions. To patch your system, you will need to update your BIOS to a version built on the AGESA release listed above, or later.
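The two mitigation paths described above (the DE_CFG[9] chicken bit, and a microcode/AGESA update) can be checked from an administrator’s shell. The script below is an added example written for this article; it is not code from Ormandy’s post or from AMD. It classifies a CPU from its `/proc/cpuinfo` entry and reports what the page lets us conclude. Assumptions, labelled in the code: that Zen 2 parts report CPUID family 0x17 (23 decimal) with the model ranges given in the comments, that DE_CFG is MSR 0xC0011029 (the article names only the bit), and that `rdmsr` from msr-tools is available for the live check. The only fixed microcode revision the page gives is 0x0830107A for EPYC Rome, so for every other Zen 2 part the script reports “unknown” rather than guessing a value. The sample `/proc/cpuinfo` fragments are constructed, not captured from real machines.

```shell
#!/usr/bin/env bash
# Added defender-side example; not code from the article, Ormandy's post, or AMD.
#
# Assumptions (not stated on the page):
#  - Zen 2 parts report CPUID family 0x17 (23 decimal). The model ranges below
#    (0x30-0x3f Rome/Castle Peak, 0x60-0x6f Renoir/Lucienne, 0x70-0x7f Matisse,
#    0xa0-0xaf Mendocino) are the author's assumption.
#  - DE_CFG is MSR 0xC0011029; the article only names the bit, DE_CFG[9].
# The only fixed microcode revision the page gives is 0x0830107A (EPYC Rome).

ROME_FIXED_UCODE=$((0x0830107A))

# zenbleed_classify: read /proc/cpuinfo text on stdin, print one status word:
#   not-zen2 | zen2-microcode-fixed | zen2-microcode-vulnerable | zen2-microcode-unknown
zenbleed_classify() {
    local info family model ucode m gen
    info=$(cat)
    family=$(printf '%s\n' "$info" | awk -F': *' '/^cpu family/ {print $2; exit}')
    model=$(printf '%s\n' "$info" | awk -F': *' '/^model[[:space:]]*:/ {print $2; exit}')
    ucode=$(printf '%s\n' "$info" | awk -F': *' '/^microcode/ {print $2; exit}')

    if [ "$family" != "23" ] || [ -z "$model" ]; then
        echo "not-zen2"; return 0
    fi
    m=$((model))
    if   [ "$m" -ge $((0x30)) ] && [ "$m" -le $((0x3f)) ]; then gen=rome
    elif [ "$m" -ge $((0x60)) ] && [ "$m" -le $((0x6f)) ]; then gen=renoir-lucienne
    elif [ "$m" -ge $((0x70)) ] && [ "$m" -le $((0x7f)) ]; then gen=matisse
    elif [ "$m" -ge $((0xa0)) ] && [ "$m" -le $((0xaf)) ]; then gen=mendocino
    else
        echo "not-zen2"; return 0
    fi

    # Only Rome has a published fixed microcode revision on the page, so only
    # Rome gets a fixed/vulnerable verdict; other Zen 2 parts are "unknown".
    if [ "$gen" = "rome" ] && [ -n "$ucode" ]; then
        if [ $((ucode)) -ge "$ROME_FIXED_UCODE" ]; then
            echo "zen2-microcode-fixed"
        else
            echo "zen2-microcode-vulnerable"
        fi
    else
        echo "zen2-microcode-unknown"
    fi
}

# de_cfg_bit9_set: given the raw DE_CFG value as printed by `rdmsr 0xc0011029`
# (hex, with or without a 0x prefix), succeed if bit 9 (the chicken bit) is set.
de_cfg_bit9_set() {
    local v=$1
    case "$v" in 0x*|0X*) ;; *) v="0x$v" ;; esac
    [ $(( (v >> 9) & 1 )) -eq 1 ]
}

# Constructed sample /proc/cpuinfo fragments (not captured from real machines).
SAMPLE_ROME_OLD='vendor_id : AuthenticAMD
cpu family : 23
model : 49
model name : AMD EPYC 7002-series (constructed sample)
microcode : 0x8301052'
SAMPLE_ROME_NEW='vendor_id : AuthenticAMD
cpu family : 23
model : 49
model name : AMD EPYC 7002-series (constructed sample)
microcode : 0x830107a'
SAMPLE_MATISSE='vendor_id : AuthenticAMD
cpu family : 23
model : 113
model name : AMD Ryzen 3000-series (constructed sample)
microcode : 0x8701021'
SAMPLE_ZEN3='vendor_id : AuthenticAMD
cpu family : 25
model : 33
model name : AMD Ryzen 5000-series Zen 3 (constructed sample)
microcode : 0xa201016'

# Live check of this machine: run with --live (rdmsr needs root and the msr module).
if [ "${1:-}" = "--live" ] && [ -r /proc/cpuinfo ]; then
    echo "cpu status: $(zenbleed_classify < /proc/cpuinfo)"
    if command -v rdmsr >/dev/null 2>&1 && raw=$(rdmsr -c 0xc0011029 2>/dev/null); then
        if de_cfg_bit9_set "$raw"; then
            echo "DE_CFG[9] is set: software mitigation active"
        else
            echo "DE_CFG[9] is clear: software mitigation not active"
        fi
    fi
fi
```

Run it as `sudo ./zenbleed-check.sh --live` on a Linux host; without `--live` it only defines the functions and the constructed samples. A “zen2-microcode-unknown” verdict means the part is Zen 2 but the page gives no fixed microcode revision for it, so the BIOS/AGESA version from the table above is the thing to check.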
Ormandy said he reported the issue to AMD on May 15, 2023, but it remains unclear whether this was a coordinated disclosure, as AMD did not appear to be ready with an announcement. Ormandy also credits his colleagues for their work: “I would not have been able to find this issue without the help of my colleagues, especially Eduardo Vela Nava and Alexandra Sandulescu. I also had Josh Eads help me analyze the bug.”