New vulnerability in AMD processors puts millions of computers at risk
A new security vulnerability called "Zenbleed" is said to allow attackers to steal passwords, credit card information and other data. Computers with AMD Ryzen Zen 2 CPUs are affected. Millions of users are potentially at risk.
Google security researcher Tavis Ormandy has discovered a vulnerability called "Zenbleed" in AMD Ryzen processors. All processors with Zen 2 microarchitecture are affected - i.e. the AMD Ryzen 3000, 4000, 5000, 7200 and Ryzen Pro 3000, 4000 series as well as the Epyc Rome used in data centres. Ormandy notified AMD of the vulnerability on 15 May and explained it this week in his blog.
The new vulnerability allows attacks via exploit without the need for physical access to the computer. It exploits improper handling of a speculative technique that increases CPU performance. According to the internet service provider Cloudflare, an attack can be carried out via JavaScript on a website, for example. If an attacker is successful, they can access data from the memory - at a rate of 30 kilobytes per CPU core per second.
Now AMD has reacted and published a microcode patch and distributed it to mainboard manufacturers. It remains to be seen how quickly firmware updates with the fix will be released. For all those who are unable to apply the microcode update from AMD directly, Ormandy recommends a workaround in his blog: "you can set the chicken bit DE_CFG[9]". This measure disables the affected CPU feature. A drop in performance is therefore also to be expected.
Cover image: Shutterstock
I find my muse in everything. When I don’t, I draw inspiration from daydreaming. After all, if you dream, you don’t sleep through life.