Security News > 2023 > July > Zenbleed: How the quest for CPU performance could put your passwords at risk

Zenbleed: How the quest for CPU performance could put your passwords at risk
2023-07-26 19:01

In Ormandy's Zenbleed bug, now officially known as CVE-2023-20593, the problem arises when an AMD Zen 2 processor performs a special instruction that exists to set multiple so-called vector registers to zero at the same time.

Vector registers are used to store data used by special high-performance numeric and data processing instructions, and in most modern Intel and AMD processors they are a chunky 256 bits wide, unlike the 64 bits of the CPU's general purpose registers used for traditional programming purposes.

By experimenting carefully, Ormandy figured out how to craft AVX code loops that not ony repeatedly triggered the speculative execution of a VZEROUPPER instruction, but also regularly forced that instruction to be rolled back and the AVX registers "Unzeroed".

If you know what's supposed to be in the AVX registers after a VZEROUPPER operation gets rolled back, it's easy to spot when the values in those registers go awry.

MSR 0xC0011029 is referred to in the Linux kernel mailing list archives as the DE CFG register, apparently short for decode configuration, and other well-known bits in this register are used to regulate other aspects of speculative execution.

Obviously, if you never allow the processor to zero out the vector registers unless you already know for sure that you'll never need to "Unzero" those registers and back out the changes, this bug can never be triggered.


News URL

https://nakedsecurity.sophos.com/2023/07/26/zenbleed-how-the-quest-for-cpu-performance-could-put-your-passwords-at-risk/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Quest 16 4 71 33 21 129