A researcher from Google Information Security has discovered a hardware vulnerability that poses a threat to AMD’s Zen 2 processors. This vulnerability could potentially lead to the theft of sensitive data such as passwords and encryption keys. This includes the popular Ryzen 5 3600 processor.
In May, Google security researcher Tavis Ormandy identified the “Zenbleed” bug and has now detailed it on his blog, explaining how it can impact users.
Affected AMD CPUs:
The vulnerability affects AMD’s entire Zen 2 product line, including processors like the AMD Ryzen series (3000/4000/5000/7020) and the Ryzen Pro series (3000/4000). The company’s EPYC “Rome” data center processors are also affected. AMD has announced its expected timeline for patching the exploit, with most firmware updates anticipated to be released by the end of 2023.
How this bug can affect users:
According to a report by Tom’s hardware, the Zenbleed exploit can be executed remotely through Javascript on a webpage, without requiring physical access to the user’s computer. Successful exploitation can result in data transfers at a rate of 30kb per core, per second, allowing for the theft of sensitive data from any software running on the system, including virtual machines and sandboxes. Additionally, this bug presents a concern for cloud-hosted services as it can be utilized for spying on cloud users. Ormandy has stated that there are no reliable techniques to detect exploitation of this bug.
AMD’s response to the bug:
AMD has already released a microcode patch for second-generation Epyc 7002 processors and is expected to roll out updates for other CPU lines by October. Users who do not want to wait for the updates can apply a software workaround, although this may impact system performance. AMD and its industry partners have closely collaborated to address the vulnerability across Google platforms, as confirmed by a Google spokesperson.
Please note that the HTML tags and script at the bottom of the content have been omitted for clarity.
Denial of responsibility! TechCodex is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, and all materials to their authors. For any complaint, please reach us at – [email protected]. We will take necessary action within 24 hours.
Alex Smith is a writer and editor with over 10 years of experience. He has written extensively on a variety of topics, including technology, business, and personal finance. His work has been published in a number of magazines and newspapers, and he is also the author of two books. Alex is passionate about helping people learn and grow, and he believes that writing is a powerful tool for communication and understanding.
