The Zenbleed Vulnerability: How to Protect Your Zen 2 CPUs
A vulnerability called Zenbleed, which may cause the exposure of sensitive data, may impact TuxCare customers using certain Zen 2 processors. Please read this blog post to learn about this security flaw and how to remedy it, and make sure to check back for any updates.
The Current Status of Zenbleed
Ormandy reports that AMD has developed a firmware solution for systems affected by this vulnerability. However, it is unclear whether the recent Linux firmware updates, which contained unexplained changes, include these patches.
According to Tom’s Hardware, AMD confirmed that patches addressing the Zenbleed flaw are available for EPYC Rome processors. However, AMD has not clarified if these patches are ready for consumer-targeted Ryzen CPUs impacted by the issue. Questions regarding the potential performance effect of the Zenbleed patches and the release timeline for Ryzen patches remain unanswered.
We will update this blog post as new pertinent information is discovered.
What Are the Risks of Zenbleed?
Registered as CVE-2023-20593, the Zenbleed vulnerability enables data theft at a rate of 30kb per core per second, creating an efficient pathway to siphon off sensitive data processed by the CPU. The threat is universal, affecting all software running on the affected processor, including virtual machines, sandboxes, containers, and processes. The capability of this attack to extract data from across virtual machines raises significant concerns for cloud service providers and users.
All Zen 2 CPUs, including EPYC Rome processors, are vulnerable according to Ormandy:
- AMD Ryzen 3000 Series Processors
- AMD Ryzen PRO 3000 Series Processors
- AMD Ryzen Threadripper 3000 Series Processors
- AMD Ryzen 4000 Series Processors with Radeon Graphics
- AMD Ryzen PRO 4000 Series Processors
- AMD Ryzen 5000 Series Processors with Radeon Graphics
- AMD Ryzen 7020 Series Processors with Radeon Graphics
- AMD EPYC “Rome” Processors
The flaw can be exploited using unprivileged arbitrary code execution. Ormandy has shared a repository of security research and exploit code. The exploit works by manipulating the register file to induce a mispredicted instruction.
Ormandy affirms that the flaw can be fixed via software for several operating systems (like Windows: “you can set the chicken bit DE_CFG”). However, this may impose a performance cost. Ormandy advises obtaining the microcode update, but we’re still awaiting details about firmware availability.
What’s the Solution?
According to Ormandy, AMD has published a microcode update for impacted processors, which can be found here.
“Your BIOS or Operating System vendor may already have an update available that includes it.”
For KernelCare Enterprise users, follow our documentation on how to update microcode for the Linux distribution you use.
While it is very much recommended to use the microcode update, Ormandy does share a workaround:
“If you can’t apply the update for some reason, there is a software workaround: you can set the chicken bit DE_CFG. This may have some performance cost.”
For Linux, you can utilize msr-tools to set the chicken bit on all cores, like so:
# wrmsr -a 0xc0011029 $(($(rdmsr -c 0xc0011029) | (1<<9)))
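To confirm the workaround took effect on every core, the script below reads DE_CFG per core and reports any core where bit 9 is clear. It is an added example, not code from Ormandy or TuxCare; the function names and the sample readings are constructed for illustration. An MSR write does not survive a reboot, so the check is worth rerunning after each restart.

```shell
# Added example: audit DE_CFG bit 9 (the Zenbleed workaround bit) per core.
DE_CFG_MSR=0xc0011029   # MSR address taken from the wrmsr command above
CHICKEN_BIT=9           # bit position taken from the same command (1<<9)

# Status 0 if bit 9 is set in a 0x-prefixed hex value (the `rdmsr -c` format),
# 1 if it is clear, 2 if the value is missing or not valid hex.
chicken_bit_set() {
    case "$1" in 0x?*) ;; *) return 2 ;; esac
    hex=${1#0x}
    case "$hex" in *[!0-9a-fA-F]*) return 2 ;; esac
    # Bit 9 sits in the low three hex digits; slicing them out keeps a full
    # 64-bit MSR value from overflowing the shell's signed arithmetic.
    hex=000$hex
    low=${hex#"${hex%???}"}
    [ $(( (0x$low >> $CHICKEN_BIT) & 1 )) -eq 1 ]
}

# Read "<cpu> <value>" lines on stdin and report each core whose bit is clear
# or unreadable. Status 0 only if at least one core was seen and all pass.
audit_de_cfg() {
    seen=0 missing=0
    while read -r cpu value; do
        [ -n "$cpu" ] || continue
        seen=$((seen + 1))
        if ! chicken_bit_set "$value"; then
            echo "cpu$cpu: DE_CFG=${value:-unreadable}, bit $CHICKEN_BIT not set"
            missing=$((missing + 1))
        fi
    done
    [ "$seen" -gt 0 ] && [ "$missing" -eq 0 ]
}

# Emit one "<cpu> <value>" line per core using rdmsr from msr-tools
# (needs root and the msr kernel module loaded).
read_de_cfg_all() {
    for dev in /dev/cpu/[0-9]*/msr; do
        [ -e "$dev" ] || continue
        cpu=${dev#/dev/cpu/}; cpu=${cpu%/msr}
        echo "$cpu $(rdmsr -p "$cpu" -c "$DE_CFG_MSR" 2>/dev/null)"
    done
}

# Constructed sample readings (not from a real machine): core 2 lacks the bit.
sample_readings() {
    printf '%s\n' '0 0x3000000000200' '1 0x3000000000200' '2 0x3000000000000'
}

# Run against the live system only when asked: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then
    read_de_cfg_all | audit_de_cfg && echo "DE_CFG bit $CHICKEN_BIT set on all cores"
fi
```

A non-zero exit status from the `--live` run means at least one core is missing the bit or could not be read, which makes the script usable from a boot-time or monitoring job.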