Encryption-breaking, password-leaking bug in many AMD CPUs could take months to fix
A recently disclosed bug in many of AMD’s recent consumer, workstation, and server processors can cause the chips to leak data at a rate of up to 30 kilobytes per core per second, writes Tavis Ormandy, a member of Google’s Project Zero security team. Executed properly, the so-called “Zenbleed” vulnerability (CVE-2023-20593) could give attackers access to encryption keys and root and user passwords, along with other sensitive data from any system using a CPU based on AMD’s Zen 2 architecture.
The bug allows attackers to swipe data from a CPU’s registers. Modern processors attempt to speed up operations by guessing what they’ll be asked to do next, called “speculative execution.” But sometimes the CPU guesses wrong; Zen 2 processors don’t properly recover from certain kinds of mispredictions, which is the bug that Zenbleed exploits to do its thing.
The bad news is that the exploit doesn’t require physical hardware access and can be triggered by loading JavaScript on a malicious website. The good news is that, at least for now, there don’t seem to be any cases of this bug being exploited in the wild yet, though this could change quickly now that the vulnerability has been disclosed, and the bug requires precise timing to exploit.