With the latest technological advancements in the modern world, cybercrime is on the rise as well. People are becoming more and more dependent on technology for their daily activities. In recent years researchers have found a ton of security bugs and loopholes in the processor. In 2018, the Spectre and Meltdown CPU exploits were presented in the world. Now recently, on July 24, 2023, another exploit was publicly disclosed. It was first reported in May and is specific to AMD processors built on Zen 2 architecture. The bug is named ‘Zenbleed’.
Table of Contents
What is ‘Zenbleed’
Zenbleed is a new bug discovered by Google security researcher Travis Ormandy. It impacts AMD Zen 2 CPUs and it could steal sensitive data such as passwords and encryption keys at a rate of 30kb/s. AMD ‘Zenbleed’ bug can be caused by improper handling of instruction called “vzeroupper”. The vulnerability occurs during speculative execution, a common performance-enhancing technique used in modern processors.
Google security researcher Travis Ormandy said that “The bug works like this, first of all, you need to trigger something called the XMM Register Merge Optimization2, followed by a register rename and a mispredicted vzeroupper. This all has to happen within a precise window to work. We now know that basic operations like strlen, memcpy and strcmp will use the vector registers – so we can effectively spy on those operations happening anywhere on the system. This works because the register file is shared by everything on the same physical core. In fact, two hyper threads even share the same physical register file.”
How to deal with AMD Zenbleed?
A microcode patch for second-generation Epyc-7002 processors has been released by AMD. However, updates for other processors are not arriving until October or December. The performance after the update will depend on workload and system configuration. Although it is recommended to install AMD’s microcode update for every user.
The increased hacking incidents happening around us have forced people to become more and more aware of their devices and appliances. People are becoming more involved in setting a control bit to disable some of the functionality that prevents exploitation. The microcode update can impact the system’s performance but it is better to be safe than to be sorry.
For the latest gadget and tech news, and gadget reviews, follow us on Twitter, Facebook and Instagram. For newest tech & gadget videos subscribe to our YouTube Channel. You can also stay up to date using the Gadget Bridge Android App. You can find the latest car and bike news here.