Critical Bug in AMD Processors Exposes User Credentials: Zenbleed Vulnerability Unveiled

Date:

Updated: 8:35 AM, Tue July 25, 2023

AMD Processors Exposed to Critical Bug: Zenbleed Vulnerability Unveiled

A serious bug in AMD processors has been discovered by Tavis Ormandy, an experienced bug-hunter from Google. Named Zenbleed, this speculative execution bug affects a range of AMD Ryzen and Epic Zen 2 chips. Ormandy’s technical write-up of the bug reveals that it can potentially expose user credentials, including usernames and passwords, while logins are being processed.

According to Ormandy, the bug can leak approximately 30kb of data per core, per second, making it fast enough to monitor encryption keys and passwords during user logins. The vulnerability allows an attacker logged into a cloud machine to exploit Zenbleed and spy on other tenants without needing special privileges. Ormandy also suggests that a malicious web page could serve as a possible attack vector.

The bug is linked to a specific CPU instruction known as VZEROUPPER, which is responsible for zeroing the upper 128 bits of the YMM registers. Ormandy explains that mispredictions in the instruction’s execution can lead to severe security consequences. The bug has been confirmed on several AMD processors, including Ryzen Threadripper PRO 3945WX 12-Cores; Ryzen 7 PRO 4750GE with Radeon Graphics; Ryzen 7 5700U; and EPYC 7B12.

Ormandy informed AMD about the bug back in May, and the company has released a microcode patch to address the issue. In addition to AMD’s patch, vendors like Citrix have also issued hotfixes to mitigate the CPU hardware issue. Although Citrix clarifies that the bug doesn’t directly impact its Hypervisor product, they still recommend applying the hotfix for systems running Citrix Hypervisor on AMD Zen 2 CPUs.

The discovery of Zenbleed highlights the importance of promptly addressing and patching vulnerabilities in processor architecture. While AMD has taken steps to fix the bug, it is crucial for users and organizations to install the necessary patches and updates to ensure their systems are protected. As more details emerge, it is advised to stay updated with the latest information regarding Zenbleed and any potential risks associated with it.

In conclusion, the Zenbleed vulnerability reveals a critical bug in AMD processors, potentially exposing user credentials during logins. The bug affects various AMD Ryzen and Epic Zen 2 chips, and while AMD has released a patch, users should remain vigilant and implement necessary updates to safeguard their systems.

Frequently Asked Questions (FAQs) Related to the Above News

What is the Zenbleed vulnerability?

The Zenbleed vulnerability is a critical bug discovered in AMD processors that can potentially expose user credentials, such as usernames and passwords, during logins.

Who discovered the Zenbleed vulnerability?

The Zenbleed vulnerability was discovered by Tavis Ormandy, a bug-hunter from Google.

Which AMD processors are affected by the Zenbleed vulnerability?

The Zenbleed vulnerability affects a range of AMD Ryzen and Epic Zen 2 chips. Some of the affected processors include Ryzen Threadripper PRO 3945WX 12-Cores, Ryzen 7 PRO 4750GE with Radeon Graphics, Ryzen 7 5700U, and EPYC 7B12.

How does the Zenbleed vulnerability work?

The Zenbleed vulnerability is linked to a specific CPU instruction called VZEROUPPER, which is responsible for zeroing the upper 128 bits of the YMM registers. Mispredictions in the execution of this instruction can lead to data leaks, potentially exposing sensitive information like encryption keys and passwords.

What is the impact of the Zenbleed vulnerability?

The Zenbleed vulnerability can leak approximately 30kb of data per core, per second. This makes it fast enough for attackers to monitor encryption keys and passwords during user logins. If successfully exploited, an attacker logged into a cloud machine could spy on other tenants without needing special privileges. A malicious web page could also serve as a possible attack vector.

Has AMD addressed the Zenbleed vulnerability?

Yes, AMD has been informed about the Zenbleed vulnerability by Tavis Ormandy in May. They have released a microcode patch to address the issue.

Are there any other measures to mitigate the Zenbleed vulnerability?

Yes, apart from AMD's patch, vendors like Citrix have also issued hotfixes to mitigate the CPU hardware issue. While Citrix clarifies that the bug doesn't directly impact its Hypervisor product, they recommend applying the hotfix for systems running Citrix Hypervisor on AMD Zen 2 CPUs.

What should users and organizations do to protect their systems from the Zenbleed vulnerability?

Users and organizations should promptly install the necessary patches and updates provided by AMD and other relevant vendors to ensure their systems are protected. It is important to stay updated with the latest information regarding Zenbleed and any potential risks associated with it.

Is there a timeframe for when the Zenbleed vulnerability was disclosed?

The Zenbleed vulnerability was disclosed by Tavis Ormandy to AMD in May. However, the exact date has not been specified in the news article.

Please note that the FAQs provided on this page are based on the news article published. While we strive to provide accurate and up-to-date information, it is always recommended to consult relevant authorities or professionals before making any decisions or taking action based on the FAQs or the news article.

Neha Sharma
Neha Sharma
Neha Sharma is a tech-savvy author at The Reportify who delves into the ever-evolving world of technology. With her expertise in the latest gadgets, innovations, and tech trends, Neha keeps you informed about all things tech in the Technology category. She can be reached at neha@thereportify.com for any inquiries or further information.

Share post:

Subscribe

Popular

More like this
Related

Moroccan Tomatoes Face EU Protests Amid Unfair Competition Shock, Morocco

EU protests erupt over Moroccan tomatoes as French farmers accuse supplier of unfair competition, sparking a heated debate.

Trump Trade Tensions Surge, Gold Opportunity Rises, Russia

Trump Trade tensions surge, gold opportunity rises - seize the chance of a lifetime with this stunning look at gold. Exciting times ahead!

German Govt’s Bitcoin Sell-Off Boosts Market Confidence, Germany

German Govt's Bitcoin sell-off boosts market confidence, sparking optimism among investors amid stable prices. Learn from this event for future investments!

First Human Case of West Nile Virus Confirmed in Cook County, Illinois, US

First human case of West Nile Virus confirmed in Cook County, Illinois. Learn how to 'Fight the Bite' and protect yourself from mosquito-borne illnesses.