Date: 2023-07-25

A new security vulnerability has been discovered in AMD Zen 2 architecture-based processors that could be exploited to extract sensitive data such as encryption keys and passwords.

What are the AMD Zen 2 architecture problems?

Discovered by Google Project Zero researcher Tavis Ormandy, the flaw has been named Zenbleed and is tracked as CVE-2023-20593 (CVSS score: 6.5). It allows data to be leaked at a rate of 30kb per core per second.

The problem is part of a larger category of problems called speculative execution attacks, in which an optimization technique widely used in modern CPUs is abused to access cryptographic keys from CPU registers.

“Under certain microarchitectural circumstances, a register in ‘Zen 2’ CPUs may not be properly written to 0,” AMD explained in an information note. “This could cause data from another process and/or thread to be saved in the YMM register, potentially allowing an attacker to gain access to sensitive information.”

Web infrastructure firm Cloudflare noted that the attack could even be performed remotely via JavaScript on a website, thus avoiding the need for physical access to the computer or server.

“Vector operations can be performed with great efficiency using the YMM registers,” stated Cloudflare researchers Derek Chamorro and Ignat Korchagin. “Applications that process large amounts of data can benefit greatly, but are increasingly subject to malicious activity.”

“This attack works by manipulating register files to force an unexpected command. Since the register file is shared by all processes running on the same physical core, this exploit can be used to intercept even the most fundamental system operations by monitoring the data transferred between the CPU and the rest of the computer,” they added.

How will the AMD Zen 2 problem be solved?

While there is no evidence that the flaw has been exploited, it is essential to apply the microcode updates as they become available through original equipment manufacturers (OEMs) in order to minimize potential risks.

In short, a BIOS update will solve the problem. It is worth noting that a BIOS update is a very delicate procedure, so if you think you have this problem, get help from an expert in the sector.
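To confirm that a microcode update has actually taken effect on a Linux host, the following added example (not from the original article or from AMD) parses /proc/cpuinfo, picks out the Zen 2 logical CPUs and compares each one's microcode revision with the fixed revision given in the vendor or OEM advisory. The Zen 2 model ranges follow the Linux kernel's classification and are an assumption here; the sample text and its revision numbers are constructed.

```python
import re
import sys
# Assumption: Zen 2 model ranges inside AMD family 0x17 (23), following the
# Linux kernel's CPU classification; the article itself lists no models.
ZEN2_MODEL_RANGES = [(0x30, 0x4F), (0x60, 0x7F), (0x90, 0x91), (0xA0, 0xAF)]

# Constructed sample in /proc/cpuinfo layout; the revisions are not real values.
SAMPLE = """\
processor : 0
vendor_id : AuthenticAMD
cpu family : 23
model : 113
microcode : 0x200

processor : 1
vendor_id : AuthenticAMD
cpu family : 23
model : 113
microcode : 0x100
"""

def parse_cpuinfo(text):
    """Split /proc/cpuinfo text into one dict of fields per logical CPU."""
    cpus = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {k.strip(): v.strip() for k, sep, v in
                  (line.partition(":") for line in block.splitlines()) if sep}
        if "processor" in fields:
            cpus.append(fields)
    return cpus

def is_zen2(cpu):
    if cpu.get("vendor_id") != "AuthenticAMD" or cpu.get("cpu family") != "23":
        return False
    model = int(cpu.get("model", -1))
    return any(lo <= model <= hi for lo, hi in ZEN2_MODEL_RANGES)

def audit(text, fixed_rev):
    """Return (cpu, revision, status) per Zen 2 logical CPU; fixed_rev is the
    patched microcode revision for this model from the vendor/OEM advisory."""
    out = []
    for cpu in filter(is_zen2, parse_cpuinfo(text)):
        rev = int(cpu.get("microcode", "0x0"), 16)
        out.append((int(cpu["processor"]), hex(rev),
                    "ok" if rev >= fixed_rev else "needs-update"))
    return out

if __name__ == "__main__":  # usage: script.py <fixed_rev_hex>
    print(audit(open("/proc/cpuinfo").read(), int(sys.argv[1], 16)))
```

A core reporting an older revision than its siblings, as CPU 1 does in the sample, means the update was not applied to every core. Inside a virtual machine the reported revision may not reflect the host, so run the check on the hypervisor.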