AMD's Zen 2 platform is reportedly vulnerable to a new bug, dubbed "Zenbleed", that enables large-scale data theft and opens the door to several potential attacks.
Tavis Ormandy, a researcher at Google Information Security, discovered the vulnerability. The bug affects all processors built on the Zen 2 architecture, including Ryzen 3000/4000/5000 and AMD EPYC CPUs. "Zenbleed" does not require physical access to the platform and can be executed through web pages and online data. One positive note is that AMD has acknowledged the vulnerability by releasing a "Security Bulletin" that describes the issue in detail.
As for what "Zenbleed" does, it enables illicit data extraction at 30kb per core per second. Because the attack is purely software-based, it can steal information from any software running on the processor, including virtual machines. The bug is triggered by unprivileged arbitrary code execution that manipulates the register file. Here is how the security expert describes the bug:
The bug works like this: first of all you need to trigger something called the XMM Register Merge Optimization, followed by a register rename and a mispredicted vzeroupper. This all has to happen within a precise window to work.
We now know that basic operations like strlen, memcpy and strcmp will use the vector registers - so we can effectively spy on those operations happening anywhere on the system! It doesn’t matter if they’re happening in other virtual machines, sandboxes, containers, processes, whatever!
This works because the register file is shared by everything on the same physical core. In fact, two hyperthreads even share the same physical register file.
The "Zenbleed" bug is said to impact the performance of the
Read more on wccftech.com