Black Arrow Cyber Advisory 25 July 2023 – ‘Zenbleed’ Vulnerability Affecting AMD Zen2 Processors

Written By Black Arrow Admin

Executive Summary

A vulnerability dubbed as ‘Zenbleed’ was discovered in AMD's Zen2 microarchitecture which could enable an malicious attacker to steal sensitive data, such as passwords and encryption keys. The Zenbleed vulnerability has been found to affect all AMD Zen 2 processors, including various models of the Ryzen processor and EPYC processor series.  Zenbleed requires local account access to the target system and a high degree of specialization and knowledge to exploit, however a proof of concept has now been publicly released.

What’s the risk to me or my business?

Exploitation of this vulnerability could compromise the confidentiality of data held or accessed through an affected device, allowing an attacker to gain unauthorised access to sensitive data. In addition, detection of the exploitation has been reported as almost impossible due to there being no requirement for elevated privileges to perform the attack. This vulnerability could also allow a malicious actor on a shared tenancy environment to access information running on the same server from a different tenant.

What can I do?

This vulnerability affects all Zen 2 class processors and as such it is essential to prioritise the patching of the upcoming updates to protect devices from this vulnerability when they become available. AMD has released a security bulletin detailing the AGESA Firmware updates which will be included within the BIOS updates for affected processors, and have classified the vulnerability as ‘Medium’ severity. Microcode updates have been created for the affected AMD EPYC processors, however updates for the Desktop, Mobile, High-end Desktop and Workstation processors are scheduled for later in the year. Once OEM’s have released BIOS updates it is strongly recommended that they are applied after appropriate testing has taken place.

In the meantime, a workaround has been recommended by the security researcher who discovered the vulnerability. If you are unsure whether you are impacted or how to implement the mitigation, then you should contact your vendor/MSP. Please note, workarounds are not a permanent fix and Black Arrow maintains that the patches should be applied when available.

Technical Summary

CVE-2023-20593 – If successfully exploited this vulnerability allows a malicious actor to access sensitive data from any system operation including those taking place in virtual machines, isolated containers, and sandboxes.

Affected product ranges include:

  • 2nd Generation AMD EPYC “Rome” Processors

  • AMD Ryzen 3000 and 4000 series Desktop Processors

  • AMD Ryzen Threadripper 3000 and 3000WX series High End Desktop and Workstation Processors

  • AMD Ryzen 4000, 5000 and 7020 series Mobile Processors

Further details of the Zenbleed vulnerability can be found here:

https://lock.cmpxchg8b.com/zenbleed.html

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html

Need help understanding your gaps, or just want some advice? Get in touch with us.

Black Arrow Admin
Previous

Black Arrow Cyber Threat Briefing 28th July 2023
Next

Black Arrow Cyber Advisory 25 July 2023 – Newly Exploited Apple-Zero Day Addressed, Patch Now