Zenbleed Attack Exposes Sensitive Data on AMD Zen 2 Processors


Google security expert Tavis Ormandy has identified a dangerous vulnerability affecting AMD Zen 2 processors. The problem allows stealing confidential data (including passwords and encryption keys) at a speed of 30 kbps from processor cores.

The vulnerability has been assigned the identifier CVE-2023-20593 and is a use-after-free class of problem. It stems from incorrect handling of the vzeroupper instruction during speculative execution.

The vulnerability affects all AMD processors built on the Zen 2 architecture, including Ryzen 3000 (Matisse), Ryzen 4000U/H (Renoir), Ryzen 5000U (Lucienne), Ryzen 7020, as well as high-performance Threadripper 3000 processors and server EPYC (Rome) parts. However, the actual impact of Zenbleed on ordinary users is unlikely to be large, since exploiting the vulnerability requires local access to the target system as well as considerable technical expertise.

Let me remind you that we also covered the Hertzbleed side-channel attack, which affected both AMD and Intel processors, and that a ransomware group stole more than 450 GB of data from processor manufacturer AMD.

Information security experts have also described two more attacks to which AMD processors are vulnerable.

Tavis Ormandy


Ormandy says he used fuzzing together with performance counters to detect specific hardware events, then checked his results with a technique known as Oracle Serialization. That approach compares the execution of a randomly generated program against its serialized oracle; the inconsistencies it exposed eventually led to the discovery of CVE-2023-20593 in Zen 2 processors.

Using an exploit he wrote for the problem, the researcher was able to “leak” sensitive data from any operation on the system, including operations taking place in virtual machines, isolated sandboxes, containers, and so on.

“I had to work a little, but I found a variant that allows leaking about 30 kb per core per second. This is fast enough to keep track of encryption keys and passwords as users log in,” Ormandy writes.

AMD has already released microcode updates for some vulnerable products, but other patches are reported to be scheduled for November-December 2023 (including those for Ryzen 3000 and Ryzen 4000).

Ormandy says that he notified AMD about the problem on May 15, 2023, and is now publishing a PoC exploit for CVE-2023-20593. The exploit was written for Linux, but the vulnerability is OS-independent and affects all operating systems running on Zen 2 processors.
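Because the fix for Zen 2 parts arrives as microcode updates on different schedules, the first thing an administrator needs is an inventory of which hosts actually carry a Zen 2 CPU and which microcode revision they are running. The script below is an added example written for this article, not code from Ormandy or AMD: it parses /proc/cpuinfo-style text, flags AMD family 0x17 CPUs whose model number falls in ranges I assume correspond to the Zen 2 parts listed above (verify those ranges against AMD's advisory for your fleet), and reports the loaded microcode revision so patched and unpatched machines can be compared. The sample input at the bottom is constructed.

```python
"""Triage helper: flag AMD Zen 2 (family 0x17) CPUs and report their microcode
revision from /proc/cpuinfo-style text. Added example, not the article's code."""
import re
from dataclasses import dataclass

# CPUID model numbers within family 0x17 (23) that I assume cover the Zen 2
# parts named in the article. These ranges are an assumption from public
# CPUID listings, not from the article; confirm them against AMD's advisory.
ZEN2_MODEL_RANGES = (
    (0x30, 0x3F),  # Rome (EPYC 7002) / Castle Peak (Threadripper 3000)
    (0x60, 0x6F),  # Renoir (Ryzen 4000U/H), Lucienne (Ryzen 5000U)
    (0x70, 0x7F),  # Matisse (Ryzen 3000)
    (0xA0, 0xAF),  # Mendocino (Ryzen 7020)
)


@dataclass
class CpuInfo:
    vendor: str
    family: int
    model: int
    microcode: int
    model_name: str


def parse_cpuinfo(text: str) -> list[CpuInfo]:
    """Parse /proc/cpuinfo text into one CpuInfo per 'processor' stanza."""
    cpus = []
    for stanza in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in stanza.splitlines():
            if ":" not in line:
                continue
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
        if "vendor_id" not in fields:
            continue
        cpus.append(CpuInfo(
            vendor=fields["vendor_id"],
            family=int(fields.get("cpu family", "0")),
            model=int(fields.get("model", "0")),
            microcode=int(fields.get("microcode", "0x0"), 16),
            model_name=fields.get("model name", ""),
        ))
    return cpus


def is_zen2(cpu: CpuInfo) -> bool:
    """True when the CPU is an AMD family 0x17 part in an assumed Zen 2 model range."""
    if cpu.vendor != "AuthenticAMD" or cpu.family != 0x17:
        return False
    return any(lo <= cpu.model <= hi for lo, hi in ZEN2_MODEL_RANGES)


def triage(text: str) -> dict:
    """Summarise how many logical CPUs are Zen 2 and which microcode they run."""
    cpus = parse_cpuinfo(text)
    affected = [c for c in cpus if is_zen2(c)]
    return {
        "cpu_count": len(cpus),
        "zen2_cores": len(affected),
        "microcode": sorted({hex(c.microcode) for c in affected}),
        "model_names": sorted({c.model_name for c in affected}),
    }


# Constructed sample: one Matisse core and one Intel core. The microcode
# value is a placeholder, not a real patched or unpatched revision.
SAMPLE_CPUINFO = "\n".join([
    "processor : 0",
    "vendor_id : AuthenticAMD",
    "cpu family : 23",
    "model : 113",
    "model name : AMD Ryzen 9 3900X 12-Core Processor",
    "microcode : 0x8701000",
    "",
    "processor : 1",
    "vendor_id : GenuineIntel",
    "cpu family : 6",
    "model : 158",
    "model name : Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz",
    "microcode : 0xf0",
])


if __name__ == "__main__":
    try:
        with open("/proc/cpuinfo") as f:
            report = triage(f.read())
    except OSError:
        report = triage(SAMPLE_CPUINFO)  # fall back to the constructed sample
    print(report)
```

Run on a real host the script reads /proc/cpuinfo; elsewhere it falls back to the constructed sample. Feed the per-host microcode revisions into whatever inventory you use so that, as AMD ships the remaining updates, you can see which Zen 2 machines still run the old revision.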


About the author

Volodymyr Krasnogolovy

I'm a journalist, cybersecurity specialist, content manager, copywriter, and photojournalist. With a deep passion for cybersecurity and a diverse skill set, I'm excited to share my expertise through this blog. From researching the latest threats to crafting engaging narratives and capturing powerful visuals, I strive to provide valuable insights and raise awareness about the importance of cybersecurity.
