Researchers discovered a new security vulnerability in AMD’s Zen 2 processors, which they called Zenbleed. Based on reports, threat actors could exploit the security flaw to exfiltrate sensitive data like passwords and encryption keys.
The vulnerability in question is CVE-2023-20593, which carries a CVSS score of 6.5 out of 10 (medium severity). Threat analysts stated that the flaw allows an unprivileged attacker to extract roughly 30 kilobytes of data per core per second.
Zenbleed belongs to the broader category of security flaws known as speculative execution attacks, in which threat actors abuse an optimisation technique used by modern CPUs to leak data, such as cryptographic keys, out of CPU registers.
AMD explained in their advisory that, under specific microarchitectural circumstances, a register in Zen 2 CPUs may not be written to zero correctly. This can cause data from another process or thread to be left in the YMM register, potentially allowing an unauthorised individual to access sensitive information.
A separate researcher noted that the attack could in principle be executed remotely through JavaScript on a website. Hence, a potential attack would not require physical access to the affected computer or server.
Furthermore, researchers explained that the YMM registers are used to execute vectorised operations efficiently, so applications that process large amounts of data keep much of that data in these registers and are the usual priority target for such an attack.
The attack works by manipulating the register file to force a mispredicted instruction: because the register file is shared by all processes running on the same physical core, an attacker can recover stale data left behind by other processes. This lets an attacker spy on even the most basic operations by observing the data they move through the CPU's registers.
Researchers have yet to find evidence that threat actors are abusing the newly discovered bug. However, users should still apply microcode updates to mitigate the risk of exploitation. Security researchers expect some threat groups to use this flaw in targeted attacks.
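As an added example (not code from the article, from AMD or from the Zenbleed researchers), the following Python script reads `/proc/cpuinfo`-style text, identifies Zen 2 parts by vendor, family 0x17 and model range, and compares the reported microcode revision against the first revision carrying AMD's fix. The model ranges and fixed revisions in the table are an assumption taken from the Linux kernel's Zenbleed workaround, not from the article; confirm them against AMD's advisory for CVE-2023-20593 before relying on the verdict. The sample `/proc/cpuinfo` text is constructed, not captured from a real machine.

```python
import re
import sys

# Minimum fixed microcode revision per Zen 2 (family 0x17) model range.
# ASSUMPTION: taken from the Linux kernel's Zenbleed workaround table, not
# from the article; confirm against AMD's advisory for CVE-2023-20593.
ZEN2_FIXED_MICROCODE = (
    ((0x30, 0x3F), 0x0830107A),  # Rome (EPYC 7002)
    ((0x60, 0x67), 0x0860010B),  # Renoir
    ((0x68, 0x6F), 0x08608105),  # Lucienne
    ((0x70, 0x7F), 0x08701032),  # Matisse / Castle Peak
    ((0xA0, 0xAF), 0x08A00008),  # Mendocino
)


def parse_cpuinfo(text):
    """Split /proc/cpuinfo text into one {field: value} dict per processor."""
    cpus = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if "processor" in fields:
            cpus.append(fields)
    return cpus


def zenbleed_status(fields):
    """Classify one processor block.

    Returns 'not-zen2', 'zen2-unpatched', 'zen2-patched' or
    'zen2-unknown-microcode' (Zen 2 but no microcode field was reported).
    """
    if fields.get("vendor_id") != "AuthenticAMD":
        return "not-zen2"
    if int(fields.get("cpu family", "0")) != 0x17:
        return "not-zen2"
    model = int(fields.get("model", "0"))
    for (lo, hi), good_rev in ZEN2_FIXED_MICROCODE:
        if lo <= model <= hi:
            ucode = fields.get("microcode")
            if ucode is None:
                return "zen2-unknown-microcode"
            # /proc/cpuinfo prints the revision as a hex literal, e.g. 0x8701021
            return "zen2-patched" if int(ucode, 16) >= good_rev else "zen2-unpatched"
    return "not-zen2"


def report(text):
    """Return [(processor number, status)] for every block in the text."""
    return [(f["processor"], zenbleed_status(f)) for f in parse_cpuinfo(text)]


# Constructed sample: a Matisse core on old microcode, the same core after the
# update, and an Intel core. Not captured from a real machine.
SAMPLE_CPUINFO = """\
processor\t: 0
vendor_id\t: AuthenticAMD
cpu family\t: 23
model\t\t: 113
model name\t: AMD Ryzen 5 3600 6-Core Processor
microcode\t: 0x8701021

processor\t: 1
vendor_id\t: AuthenticAMD
cpu family\t: 23
model\t\t: 113
model name\t: AMD Ryzen 5 3600 6-Core Processor
microcode\t: 0x8701032

processor\t: 2
vendor_id\t: GenuineIntel
cpu family\t: 6
model\t\t: 142
model name\t: Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz
microcode\t: 0xf0
"""

if __name__ == "__main__":
    # With no argument, inspect the constructed sample; with "-", read stdin
    # (for example: python3 zenbleed_check.py - < /proc/cpuinfo).
    text = sys.stdin.read() if sys.argv[1:] == ["-"] else SAMPLE_CPUINFO
    for cpu, status in report(text):
        print(f"cpu {cpu}: {status}")
```

A family 0x17 part whose model falls outside the table (Zen and Zen+ models, for instance) is reported as `not-zen2`; if a Zen 2 model is reported that way, extend the table from AMD's advisory rather than trusting the verdict. The check only tells you whether the loaded microcode is at or past the fixed revision; it does not test the hardware behaviour itself.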