A new security vulnerability has been discovered, impacting AMD Zen 2 processors. The bug, known as Zenbleed, can be used to steal sensitive data, but mitigations for the exploit are already on the way.

An issue with Zen 2 processors means that under “specific microarchitectural circumstances”, a register in these processors may not be written to 0 correctly. This in turn can cause data from another process or thread to be stored in the YMM register, which an attacker could potentially use to access sensitive information. Cloudflare's analysis claims that the bug doesn't require physical access to a system to exploit.

The bug was brought to AMD's attention by Google security researcher, Tavis Ormandy and the company is already working on fixes. These will be rolled out to users of all Zen 2 processors in the form of BIOS updates and newer firmware.

While fixes are in the works, it will be a while until they arrive. In AMD's security bulletin, it puts a timeline of between October and December 2023 for these updates to roll out. With that said, a microcode update for EPYC 7002 series processors is already available and applying the patch is recommended for all users.

Discuss on our Facebook page, HERE.

KitGuru Says: Fixes for this are on the way, although the timeline is a little long. Fortunately, it doesn't appear that anyone has successfully managed to exploit this bug outside of research environments. 

Become a Patron!