Original Article Published 7/24/23 8:45am PT:

Tavis Ormandy, a researcher with Google Information Security, posted today about a new vulnerability he independently found in AMD's Zen 2 processors. The 'Zenbleed' vulnerability spans the entire Zen 2 product stack, including AMD's EPYC data center processors and the Ryzen 3000/4000/5000 CPUs, allowing the theft of protected information from the CPU, such as encryption keys and user logins. The attack does not require physical access to the computer or server and can even be executed via JavaScript on a webpage.

AMD didn't have an advisory ready at the time of publication, but the company did add the AMD-SB-7008 Bulletin several hours later. AMD has patches ready for its EPYC 7002 'Rome' processors now, but it will not patch its consumer Zen 2 Ryzen 3000, 4000, and some 5000-series chips until November and December of this year. AMD's processors used in the PS5, Xbox Series X and S, and Steam Deck are all also powered by Zen 2 chips, but it remains unclear if those are impacted. We have added details further below about mitigation schedules.

AMD hasn't given specific details of any performance impacts but did issue the following statement to Tom's Hardware: “Any performance impact will vary depending on workload and system configuration. AMD is not aware of any known exploit of the described vulnerability outside the research environment.”

AMD's statement implies there will be some performance impact from the patches, but we'll have to conduct independent benchmarks when the patches arrive for the consumer Ryzen products. In the meantime, we've asked AMD for any ballpark figures it can share.

The Zenbleed vulnerability is filed as CVE-2023-20593 and allows data exfiltration (theft) at a rate of 30kb per core, per second, thus providing adequate throughput to steal sensitive information flowing through the processor. This attack works across all software running on the processor, including virtual machines, sandboxes, containers, and processes. The ability for this attack to read data across virtual machines is particularly threatening for cloud service providers and those who use cloud instances.

The attack can be accomplished via unprivileged arbitrary code execution. Ormandy has posted a security research repository and code for the exploit. The attack works by manipulating the register files to force a mispredicted command (meaning it exploits the speculative execution engine), as described below:

"The bug works like this, first of all you need to trigger something called the XMM Register Merge Optimization, followed by a register rename and a mispredicted vzeroupper. This all has to happen within a precise window to work.

We now know that basic operations like strlen, memcpy and strcmp will use the vector registers - so we can effectively spy on those operations happening anywhere on the system! It doesn’t matter if they’re happening in other virtual machines, sandboxes, containers, processes, whatever!"

ComboAM4v2PI_1.2.0.C | ComboAM4PI_1.0.0.C

Threadripper PRO 3000WX-Series "Castle Peak" | CastlePeakWSPI-sWRX8 1.0.0.C | ChagallWSPI-sWRX8 1.0.0.7

AMD's AGESA is a code foundation upon which the OEMs build BIOS revisions. You will need to update to a BIOS with the above-listed AGESA code, or newer, to patch your system.

Below, we have a more detailed list with the model number of each impacted chip and the expected data for the new AGESA to arrive.

“We are aware of the AMD hardware security vulnerability described in CVE-2023-20593, which was discovered by Tavis Ormandy, a Security Researcher at Google, and we have worked with AMD and industry partners closely. We have worked to address the vulnerability across Google platforms.” - Google spokesperson to Tom's Hardware.

Ormandy says he reported the issue to AMD on May 15, 2023. Ormandy also credits his colleagues: "I couldn’t have found it without help from my colleagues, in particular Eduardo Vela Nava and Alexandra Sandulescu."