Google security researcher Tavis Ormandy has disclosed a new vulnerability affecting AMD Zen 2 CPUs. The flaw can let a malicious actor steal sensitive data, such as passwords and encryption keys, at roughly 30 KB per second per core, fast enough to be practical rather than theoretical.
The vulnerability, tracked as CVE-2023-20593, stems from the CPU mishandling the vzeroupper instruction (“zero upper”, which clears the upper halves of the vector registers) during speculative execution, the performance technique in which modern processors execute instructions before knowing whether they are actually needed.
To find it, Ormandy used fuzzing guided by hardware performance counters to detect specific hardware events, and validated his findings with a method he calls “Oracle Serialization.”
In a technical write-up of the vulnerability, Ormandy explains, “It required some effort, but I discovered a variant capable of leaking approximately 30 kb per core, per second. This speed is sufficient to monitor encryption keys and passwords as users log in!”
Under this approach, a randomly generated program is run twice: once normally and once as a serialized oracle, with serializing instructions placed between its instructions so that nothing executes speculatively. The two runs should produce identical results; any divergence means the hardware, not the program, is at fault. Chasing such a divergence is what revealed CVE-2023-20593 in Zen 2 CPUs.
Because the leak comes from the core’s register file rather than from any operating-system mechanism, an optimized exploit can read data handled by other software on the same core regardless of privilege boundaries: it works from inside virtual machines, isolated sandboxes, containers, and similar environments.
The bug, which Ormandy describes as a use-after-free in the register file of AMD Zen 2 processors, is a major result of his new CPU research project. AMD has released updated microcode for affected systems and urges users to apply it to protect their devices from exploitation.
Ormandy reported the flaw to AMD on May 15, 2023, and published a proof-of-concept (PoC) exploit for CVE-2023-20593 alongside today’s disclosure. The PoC targets Linux, but the bug lives in the hardware and is OS-agnostic, so every operating system running on a Zen 2 CPU is affected.
The vulnerability affects all AMD CPUs built on the Zen 2 architecture, including Ryzen 3000 (“Matisse”), Ryzen 4000U/H (“Renoir”), Ryzen 5000U (“Lucienne”), Ryzen 7020 (“Mendocino”), the high-end Ryzen Threadripper 3000, and EPYC server (“Rome”) processors. Owners of ‘Zenbleed’-affected CPUs should apply AMD’s microcode update where one is available for their part, or otherwise wait for their system vendor to ship a BIOS upgrade that incorporates the fix. On Linux, the operating system can also load AMD’s microcode at boot from the distribution’s firmware package, which does not require a BIOS update.
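The following is an added example written for this page, not code from the article, from AMD, or from Ormandy’s PoC. It shows how an administrator would identify Zen 2 hosts that need the Zenbleed fix from /proc/cpuinfo-style data, and it prints the interim MSR workaround from the Zenbleed write-up for hosts that cannot be patched immediately. The family/model ranges are the editor’s assumption (they follow the Linux kernel’s Zenbleed check) and the two cpuinfo excerpts are constructed, not captured from real machines.

```shell
#!/bin/sh
# Added example (not from the article, AMD, or Ormandy's PoC): classify a CPU as
# Zen 2 or not from /proc/cpuinfo-style text, so a fleet script can tell which
# hosts need the Zenbleed microcode/BIOS update, and print the interim MSR
# workaround from the Zenbleed write-up for hosts that cannot be patched yet.

# Zen 2 is AMD family 23 (0x17). Model ranges: 0x30-0x3f (Rome, Castle Peak),
# 0x60-0x6f (Renoir, Lucienne), 0x70-0x7f (Matisse), 0xa0-0xaf (Mendocino).
# These ranges follow the Linux kernel's Zenbleed check; treat them as the
# editor's assumption and confirm against AMD's list for an unfamiliar part.
is_zen2() {
    # $1 = vendor_id, $2 = cpu family (decimal), $3 = model (decimal)
    [ "$1" = "AuthenticAMD" ] || return 1
    [ "${2:-0}" -eq 23 ] || return 1
    m=${3:-0}
    if [ "$m" -ge 48 ] && [ "$m" -le 63 ]; then return 0; fi    # 0x30-0x3f
    if [ "$m" -ge 96 ] && [ "$m" -le 127 ]; then return 0; fi   # 0x60-0x7f
    if [ "$m" -ge 160 ] && [ "$m" -le 175 ]; then return 0; fi  # 0xa0-0xaf
    return 1
}

# Read /proc/cpuinfo-format text on stdin; print "vendor family model microcode"
# for the first processor entry. "model name" lines are deliberately skipped.
cpuinfo_fields() {
    awk -F': ' '
        /^vendor_id/ && v == ""      { v = $2 }
        /^cpu family/ && f == ""     { f = $2 }
        /^model[ \t]*:/ && m == ""   { m = $2 }
        /^microcode/ && u == ""      { u = $2 }
        END { print v, f, m, u }'
}

# stdin: /proc/cpuinfo text. Prints "affected" for Zen 2, "not-affected" otherwise.
zenbleed_status() {
    set -- $(cpuinfo_fields)
    if is_zen2 "$1" "$2" "$3"; then echo affected; else echo not-affected; fi
}

# Interim workaround from the Zenbleed write-up: set bit 9 of MSR 0xC0011029
# on every core (needs root, the msr kernel module and msr-tools). It costs
# some performance and does not survive a reboot, so it is a stopgap, not a
# substitute for the microcode or BIOS update. Prints the command by default;
# pass "apply" to actually run it.
zenbleed_workaround() {
    cmd='wrmsr -a 0xc0011029 $(($(rdmsr -c 0xc0011029) | (1<<9)))'
    if [ "$1" = "apply" ]; then
        [ "$(id -u)" -eq 0 ] || { echo "need root" >&2; return 1; }
        modprobe msr 2>/dev/null || true
        sh -c "$cmd"
    else
        echo "$cmd"
    fi
}

# Constructed /proc/cpuinfo excerpts (not captured from real machines):
# a Ryzen 3000 "Matisse" part (family 23, model 0x71 = 113) and, for
# contrast, a Zen 3 Ryzen 5000 desktop part (family 25, model 0x21 = 33).
SAMPLE_ZEN2='processor : 0
vendor_id : AuthenticAMD
cpu family : 23
model : 113
model name : AMD Ryzen 9 3900X 12-Core Processor
microcode : 0x8701021'
SAMPLE_ZEN3='processor : 0
vendor_id : AuthenticAMD
cpu family : 25
model : 33
model name : AMD Ryzen 9 5900X 12-Core Processor
microcode : 0xa20120a'

printf '%s\n' "$SAMPLE_ZEN2" | zenbleed_status   # affected
printf '%s\n' "$SAMPLE_ZEN3" | zenbleed_status   # not-affected
# On a live Linux host: zenbleed_status < /proc/cpuinfo
```

The classification deliberately keys on vendor, family and model rather than on the marketing name, because the same Zen 2 die ships under several brand names (the Ryzen 7020 and Ryzen 5000U families included) and only the family/model pair is stable. The MSR workaround is the one Ormandy published as a stopgap; it must be re-applied on every boot and should be dropped once the microcode or BIOS update is in place.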