Posted on July 26, 2023 at 4:43 PM
Security Researcher Uncovers Zenbleed Vulnerability That Can Steal Sensitive Details
A researcher at Google Security has found a new security flaw in AMD's Zen 2 processors. Tavis Ormandy says the vulnerability, known as Zenbleed, could allow an attacker to steal passwords, cryptographic keys, and other sensitive data from software running on vulnerable machines.
New security flaw on AMD’s Zen 2 processors
The security researcher has detailed the new findings in a blog post, saying that this security vulnerability is being tracked as CVE-2023-20593. AMD was initially alerted about this security flaw in mid-May.
CVE-2023-20593 allows an attacker to run malicious code remotely using JavaScript on a web page. Moreover, the flaw does not require the attacker to have physical access to the compromised system.
An exploit for this flaw can extract data at a rate of at least 30 kb per core per second. Separately, security researchers at Cloudflare have said that the vulnerability in AMD's Zen 2 processors is triggered by a register not being zeroed correctly.
“The vulnerability in AMD’s Zen 2-architecture-based CPUs, wherein data from another process and/or thread could be stored in the YMM registers, a 256-bit series of extended registers, potentially allowing an attacker access to sensitive information,” a Cloudflare report said.
Cloudflare further explained that the flaw is triggered when the register is not written to zero correctly under specific microarchitectural conditions. Although the bug is tied to speculative execution, Cloudflare noted that it is not a side-channel vulnerability in the usual sense.
The attack works by manipulating the register file to trigger a mispredicted instruction. It starts by triggering the XMM Register Merge Optimization 2, a hardware mitigation intended to protect against speculative execution exploits.
Next comes register renaming, a technique used in processor design to resolve name conflicts between logical and physical registers. Finally, there is a mispredicted call to the vzeroupper instruction, which zeroes the upper halves of the YMM and ZMM registers.
The register file is shared by the processes running on the same physical core. The exploit can therefore be used to eavesdrop on fundamental system operations by monitoring data transferred between the CPU and the rest of the system.
CVE-2023-20593 requires precise timing to be exploited successfully. As such, the vulnerability has a CVSS score of 6.5, indicating medium severity. It is nevertheless important that owners of affected processors patch their systems to minimize the chance of the exploit being used against them.
AMD says vulnerability causes information leak
AMD has released a security advisory on this vulnerability, which describes the flaw as a “cross-process information leak.” The company has also shared a microcode patch for its second-generation Epyc 7002 processors to ensure they are no longer vulnerable.
AMD has said that it plans to release updates for its high-end desktops in October this year. The company is also planning to release updates for its Ryzen 4000 mobile processors in November. The updates will offer a higher level of security and protect users from the flaw being exploited in the wild.
AMD is also expected to release a fix for the Ryzen 3000 and 4000 desktop CPUs and the Ryzen 5000 and 7020 mobile processors. That fix is expected in December this year and will be a significant step for the company in boosting security.
While these updates will go a long way toward enhancing security, they might also affect system performance. The impact depends on the workload and the PC configuration.
AMD told Tom's Hardware that any performance impact would vary based on the workload and the system configuration. AMD has also said that it is not aware of any exploit for the described flaw outside the research environment, indicating that malicious threat actors have not yet exploited it.
The research published by Ormandy also includes details of a temporary workaround that can be used before the updates are installed. Ormandy noted that setting a control bit disables the affected functionality, preventing exploitation of the flaw. The researcher warned that this temporary workaround can also affect performance.
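As an added example that is not part of the original article or of Ormandy's writeup, the following script gives a Linux administrator a read-only way to answer two questions the article raises: is this host running a Zen 2 part, and is the control-bit workaround already in effect? It reads the CPU family and model from a /proc/cpuinfo-style file and, when run as root with the msr kernel module loaded, reads the DE_CFG MSR (0xc0011029) whose bit 9 Ormandy's workaround sets. The Zen 2 model ranges in `is_zen2` are an assumption drawn from public Zen 2 model listings rather than from the article; confirm them against AMD's advisory for your specific part. The script never writes the MSR.

```shell
#!/bin/bash
# Added example (not from the article): report whether a Linux host is a Zen 2
# part and whether the Zenbleed workaround bit is set. Read-only.

# Zen 2 is AMD family 0x17 (23 decimal). The model ranges below are an
# ASSUMPTION taken from public Zen 2 model listings; verify against AMD's advisory.
is_zen2() {  # usage: is_zen2 <family-decimal> <model-decimal>
    local family=$1 model=$2
    [ "$family" -eq 23 ] 2>/dev/null || return 1
    if   [ "$model" -ge 48 ]  && [ "$model" -le 79 ];  then return 0   # 0x30-0x4f Rome / Castle Peak
    elif [ "$model" -ge 96 ]  && [ "$model" -le 127 ]; then return 0   # 0x60-0x7f Matisse / Renoir / Lucienne
    elif [ "$model" -ge 144 ] && [ "$model" -le 145 ]; then return 0   # 0x90-0x91 Van Gogh
    elif [ "$model" -ge 160 ] && [ "$model" -le 175 ]; then return 0   # 0xa0-0xaf Mendocino
    fi
    return 1
}

# Print "<family> <model>" (decimal) for the first AMD processor in a
# /proc/cpuinfo-style file, or "0 0" if the vendor is not AMD.
cpuinfo_family_model() {  # usage: cpuinfo_family_model <file>
    awk -F': *' '
        /^vendor_id/   && !v { v = $2 }
        /^cpu family/  && !f { f = $2 }
        /^model[ \t]*:/ && !m { m = $2 }     # "model" line, not "model name"
        END { if (v == "AuthenticAMD") print f, m; else print "0 0" }
    ' "$1"
}

# Bit 9 of DE_CFG (MSR 0xc0011029) is the control bit Ormandy's workaround sets.
# Takes the raw MSR value as a hex literal and prints "set" or "clear".
chicken_bit_state() {  # usage: chicken_bit_state <0x-prefixed hex value>
    local val=$1
    if [ $(( (val >> 9) & 1 )) -eq 1 ]; then echo "set"; else echo "clear"; fi
}

main() {
    local cpuinfo=${1:-/proc/cpuinfo}
    [ -r "$cpuinfo" ] || { echo "cannot read $cpuinfo"; return 0; }
    set -- $(cpuinfo_family_model "$cpuinfo")
    local family=$1 model=$2
    if ! is_zen2 "$family" "$model"; then
        echo "not a Zen 2 part (family $family, model $model): Zenbleed does not apply"
        return 0
    fi
    echo "Zen 2 part (family $family, model $model): affected unless microcode is patched"
    # The MSR is per core; this reads core 0 only. Needs root and the msr module.
    if command -v rdmsr >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
        local raw
        raw=0x$(rdmsr 0xc0011029)
        echo "DE_CFG=$raw: workaround bit 9 is $(chicken_bit_state "$raw")"
    else
        echo "rdmsr not available as root: cannot read DE_CFG; check dmesg for the kernel's Zenbleed message"
    fi
}

main "$@"
```

Run it with no arguments to inspect the live host, or pass a saved cpuinfo file to classify a machine offline. A clear bit on a Zen 2 part with old microcode means neither the workaround nor the microcode fix is in place; Ormandy's writeup gives the wrmsr command that sets the bit, and current Linux kernels set it themselves when they detect pre-fix microcode, so the script is a check, not the fix.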