AMD Zenbleed Exploit Lets Hackers Pry Sensitive Data From All Zen 2 CPUs, Fix Incoming

AMD Ryzen 9 3950X CPU in front of its retail box.
A wide range of processors based on AMD's Zen 2 architecture, including consumer Ryzen chips (desktop and mobile) and EPYC server silicon, are vulnerable to a newly discovered exploit that could allow an attacker to steal sensitive data. That includes user passwords, encryption keys, and other information that you don't want to fall into the wrong hands.

Tavis Ormandy, a security researcher with Google's Project Zero team, discovered the vulnerability, which he has dubbed "Zenbleed," and reported it to AMD on May 15, 2023. We're only hearing about it now presumably so AMD could have time to analyze the findings and formulate a plan for mitigation. As things stand, there's already a firmware update available for AMD's EPYC 7002 "Rome" processors. Updates for other CPU families will arrive in the coming months.

AMD confirmed the vulnerability in a security advisory, which is being tracked as CVE-2023-20593 with a "Medium" severity rating.

"Under specific microarchitectural circumstances, a register in 'Zen 2' CPUs may not be written to 0 correctly. This may cause data from another process and/or thread to be stored in the YMM register, which may allow an attacker to potentially access sensitive information," AMD explains.

Ormandy goes into more detail in a blog post outlining Zenbleed. It's fairly technical in nature, though he does attempt to explain it down with analogies. One of the main takeaways is that this attack vector does not require physical access to a PC with an affected CPU, meaning a hacker could exploit it remotely. This can be achieved via JavaScript on a malicious website.
What's even more alarming, however, is that this speculative exploit leaves users vulnerable even when running in a sandbox or virtual machine.

"We now know that basic operations like strlen, memcpy and strcmp will use the vector registers - so we can effectively spy on those operations happening anywhere on the system! It doesn’t matter if they’re happening in other virtual machines, sandboxes, containers, processes, whatever! This works because the register file is shared by everything on the same physical core. In fact, two hyperthreads even share the same physical register file," Ormandy explains.

Furthermore, Ormandy says there are no reliable techniques to detect exploitation because no special system calls or or privileges are required for this kind of attack. He also says it works on all Zen 2 class processors, including the following...
  • AMD Ryzen 3000 Series Processors
  • AMD Ryzen Pro 3000 Series Processors
  • AMD Ryzen Threadripper 3000 Series Processors
  • AMD Ryzen 4000 Series Processors with Radeon Graphics
  • AMD Ryzen Pro 4000 Series Processors
  • AND Ryzen 5000 Series Processors with Radeon Graphics
  • AMD Ryzen 7020 Series Processors with Radeon Graphics
  • AMD EPYC 'Rome' Processors
It's worth noting that the Xbox Series X|S and PlayStation 5 are based on custom Zen 2 silicon. Ormandy doesn't specifically highlight those consoles, but they fall under the umbrella of "Zen 2 class" processors. Additionally, AMD confirmed in a statement to Tom's Hardware that there could be a performance impact arising from its mitigations, but it didn't go into detail.

"Any performance impact will vary depending on workload and system configuration. AMD is not aware of any known exploit of the described vulnerability outside the research environment," AMD said.

While firmware updates are available now for the EPYC 7002 series, AMD is aiming to deliver AGESA updates to the rest of the Zen 2 lineup in November and December of this year.