A Google security researcher has discovered a new vulnerability in AMD Zen 2 processors. By exploiting the bug, a hacker can steal sensitive data from users.
Tavis Ormandy explained in a blog post how the bug works. It involves a faulty recovery step after a so-called “vzeroupper” instruction. By deliberately triggering specific hardware behaviour, Ormandy was able to reproduce the bug reliably.
One of the variants of this bug can lead to data leakage at a rate of 30kb per core, per second.
Zen 2
The bug occurs in AMD’s Zen 2 processors, which have been on the market since 2019. These include the Ryzen 3000 series on desktops, Threadripper 3000 for workstations and Epyc server chips from the 7000 series. Embedded systems can also run on Zen 2 architecture, including everything from parking meters to air conditioning units.
As it happens, Zen 2 was designed with a fix for an earlier bug that affected the first Ryzen processors, among others: Spectre. Even so, a bug that allows advanced levels of access still surfaced. However, an actual attack via the bug, dubbed Zenbleed, is difficult to imagine, as access to the local system and a high level of knowledge about the exploit are required.