This technique is CVE-2023-20593 and it works on all Zen 2 class processors, which includes at least the following products:
AMD Ryzen 3000 Series Processors
AMD Ryzen PRO 3000 Series Processors
AMD Ryzen Threadripper 3000 Series Processors
AMD Ryzen 4000 Series Processors with Radeon Graphics
AMD Ryzen PRO 4000 Series Processors
AMD Ryzen 5000 Series Processors with Radeon Graphics
AMD Ryzen 7020 Series Processors with Radeon Graphics
AMD EPYC “Rome” Processors
We reported this vulnerability to AMD on the 15th May 2023.
AMD have released a microcode update for affected processors. Your BIOS or Operating System vendor may already have an update available that includes it.
How would a malicious actor exploit this? Do I just have to visit a malicious website or do they have to run code outside of the browser? What's the worst case scenario for personal computers?
According to the following quote, visiting a malicious website with JavaScript enabled would suffice to carry out the exploit. https://www.theregister.com/2023/07/24/amd_zenbleed_bug/
Malware already running on a system, or a rogue logged-in user, can exploit Zenbleed without any special privileges and inspect data as it is being processed by applications and the operating system, which can include sensitive secrets, such as passwords.
It's understood a malicious webpage, running some carefully crafted JavaScript, could quietly exploit Zenbleed on a personal computer to snoop on this information.
Thanks!
I was going to invest in a 5600G, but it sounds like those are affected. And no patch until December! What a bummer.
I'm getting deja vu