Update 7/24/23 1:30pm PT: AMD has responded with key details and published a security advisory with the expected dates for new firmwares, many of which don't arrive until the end of the year. Google also sent us a statement. We have added that information to the original article below.
Original Article Published 7/24/23 8:45am PT:
Tavis Ormandy, a researcher with Google Information Security, posted today about a new vulnerability he independently found in AMD's Zen 2 processors. The 'Zenbleed' vulnerability spans the entire Zen 2 product stack, including AMD's EPYC data center processors and the Ryzen 3000/4000/5000 CPUs, allowing the theft of protected information from the CPU, such as encryption keys and user logins. The attack does not require physical access to the computer or server and can even be executed via javascript on a webpage.
AMD didn't have an advisory ready at the time of publication, but the company did add the AMD-SB-7008 Bulletin several hours later. AMD has patches ready for its EPYC 7002 'Rome' processors now, but it will not patch its consumer Zen 2 Ryzen 3000, 4000, and some 5000-series chips until November and December of this year. AMD's processors used in the PS5, Xbox Series X and S, and Steam Deck are all also powered by Zen 2 chips, but it remains unclear if those are impacted. We're following up for more details. We have added details further below about mitigation schedules.
AMD hasn't given specific details of any performance impacts but did issue the following statement to Tom's Hardware: “Any performance impact will vary depending on workload and system configuration. AMD is not aware of any known exploit of the described vulnerability outside the research environment.”
AMD's statement implies there will be some performance impact from the patches, but we'll have to conduct independent benchmarks when the patches arrive for the consumer Ryzen products. In the meantime, we've asked AMD for any ballpark figures it can share.
The Zenbleed vulnerability is filed as CVE-2023-20593 and allows data exfiltration (theft) at a rate of 30kb per core, per second, thus providing adequate throughput to steal sensitive information flowing through the processor. This attack works across all software running on the processor, including virtual machines, sandboxes, containers, and processes. The ability for this attack to read data across virtual machines is particularly threatening for cloud service providers and those who use cloud instances.
The attack can be accomplished via unprivileged arbitrary code execution. Ormandy has posted a security research repository and code for the exploit. The attack works by manipulating the register files to force a mispredicted command (meaning it eploits the speculative execution engine), as described below:
"The bug works like this, first of all you need to trigger something called the XMM Register Merge Optimization2, followed by a register rename and a mispredicted vzeroupper. This all has to happen within a precise window to work.
We now know that basic operations like strlen, memcpy and strcmp will use the vector registers - so we can effectively spy on those operations happening anywhere on the system! It doesn’t matter if they’re happening in other virtual machines, sandboxes, containers, processes, whatever!
This works because the register file is shared by everything on the same physical core. In fact, two hyperthreads even share the same physical register file," says Ormandy.
AMD describes the exploit much more simply, saying, "Under specific microarchitectural circumstances, a register in “Zen 2” CPUs may not be written to 0 correctly. This may cause data from another process and/or thread to be stored in the YMM register, which may allow an attacker to potentially access sensitive information."
Ormandy says the bug can be patched through a software approach for multiple operating systems (e.g., Windows -"you can set the chicken bit DE_CFG[9]"), but this might result in a performance penalty. Ormandy says it is highly recommended to get the microcode update, but his post also has examples of software mitigations for other operating systems, too.
Here's a list of the impacted processors, and the schedule for the release of the AGESA versions to OEMs:
Below, we have a more detailed list with the model number of each impacted chip and the expected data for the new AGESA to arrive. AMD's AGESA is a code foundation upon which the OEMs build BIOS revisions. You will need to update to a BIOS with the above-listed AGESA code, or newer, to patch your system.
“We are aware of the AMD hardware security vulnerability described in CVE-2023-20593, which was discovered by Tavis Ormandy, a Security Researcher at Google, and we have worked with AMD and industry partners closely. We have worked to address the vulnerability across Google platforms.” - Google spokesperson.
Ormandy says he reported the issue to AMD on May 15, 2023, but it still remains unclear if this was a coordinated disclosure — AMD didn't seem prepared for the announcement. Ormandy also credits his colleagues; "I couldn’t have found it without help from my colleagues, in particular Eduardo Vela Nava and Alexandra Sandulescu. I also had help analyzing the bug from Josh Eads."