Security News > 2023 > July > Zenbleed attack leaks sensitive data from AMD Zen2 processors
Google's security researcher Tavis Ormandy discovered a new vulnerability impacting AMD Zen2 CPUs that could allow a malicious actor to steal sensitive data, such as passwords and encryption keys, at a rate of 30KB/sec from each CPU core.
After triggering an optimized exploit for the flaw, the researcher could leak sensitive data from any system operation, including those that take place in virtual machines, isolated sandboxes, containers, etc.
First big result from our new CPU research project, a use-after-free in AMD Zen2 processors! AMD have just released updated microcode for affected systems, please update! https://t.
The researcher reported the flaw to AMD on May 15, 2023, and today, he published a proof-of-concept exploit for CVE-2023-20593.
The flaw impacts all AMD CPUs built on the Zen 2 architecture, including the Ryzen 3000, Ryzen 4000U/H, Ryzen 5000U, Ryzen 7020, and the high-end ThreadRipper 3000 and Epyc server processors.
If your CPU is impacted by 'Zenbleed,' it is recommended to apply AMD's new microcode update or wait for your computer vendor to incorporate the fix in a future BIOS upgrade.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-24 | CVE-2023-20593 | An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. | 5.5 |