All AMD processors with Zen 2 architecture found a serious vulnerability

Google Information Security Researcher Tavis Ormandy told about a new vulnerability he discovered in AMD processors with Zen 2 architecture. It allows the theft of protected information from a computer, including encryption keys and account information. The vulnerability was named Zenbleed.

Zenbleed reportedly does not require physical access to a computer. Exploiting the vulnerability is even possible remotely using Javascript on a web page. In case of successful execution, the security hole allows transferring 30 KB of data per second per core. This is enough to get sensitive data from any program running on the system.

Tom's Hardware notes that the flexibility of such exploits is especially dangerous for cloud services through which attackers can monitor other people's computers. Worst of all, Zenbleed is hard to detect: its exploit does not require special permissions and privileges, so there are no reliable ways to fix it.

Here is a list of affected processor series:

• AMD EPYC Rome;
• AMD Ryzen 3000;
instagram viewer
• AMD Ryzen 4000 with Radeon Graphics;
• AMD Ryzen 5000 with Radeon Graphics;
• AMD Ryzen 7020;
• AMD Ryzen Pro 3000WX.

AMD already acknowledged problem and released a microcode patch for the second generation of EPYC 7002 server processors. For other processors, the patch is expected to be released in October-December. It is noteworthy that such a patch can potentially reduce the performance of the computer.

It is noted that AMD has no information about the actual use of such an exploit outside of research laboratories.