When looking at all the CPU vulnerabilities in the recent years even until this day. We see mitigations taking place in microcode or OS level. But the performance impact is huge! Sometimes 30%-50% decrease in performance on specific tasks like databases!
Question: can we get some compensation as consumer? Since both Intel and AMD sold hardware that doesn't give the promised results. #specre#meltdown#hertzbleed#Zenbleed#Inception#vulnerability#security#secops#compensation#money
On the @ubuntu#Security Podcast this week we look at the AMD #Zenbleed vuln plus we cover security updates for the Linux kernel, a high profile OpenSSH vuln and finally Andrei is back covering recent academic research in machine learning safeguards https://ubuntusecuritypodcast.org/episode-204/
We have a huge #AMD vulnerability discovered called #Zenbleed. Patches are already available in #Linux but not #Windows and official updates may not be until October
#AMD#Zen2 CPUs were found to be vulnerable to a speculative execution bug called #Zenbleed that allows attackers to leak credentials and break encryption.
The good news is that AMD has issued a microcode update, the bad news is that it's only available for their #Epyc 7002 line. The fix for consumer & workstation Ryzen products containing the Zen2 cores will need to wait for a couple months for the fix.
A new vulnerability impacting AMD’s line of Zen 2 processors — which includes popular CPUs like the budget-friendly Ryzen 5 3600 — has been discovered that can be exploited to steal sensitive data like passwords and encryption keys. Google security researcher Tavis Ormandy disclosed the “Zenbleed” bug (filed as...
The #zenbleed vulnerability (CVE-2023-20593) has been patched in edge and stable versions v3.15-v3.18 in #AlpineLinux. Make sure that the amd-ucode package is installed so that you get ucode updates. For consumer CPUs, AMD will only provide updates later this year. The latest kernel version will automatically toggle the chicken bit if the relevant ucode upgrades have not been applied.
"""Add a fix for the Zen2 VZEROUPPER data corruption bug where under certain circumstances executing VZEROUPPER can cause register corruption or leak data.
The optimal fix is through microcode but in the case the proper microcode revision has not been applied, enable a fallback fix using a chicken bit."""
AMD ‘Zenbleed’ bug can leak passwords from Ryzen CPUs (www.theverge.com)
A new vulnerability impacting AMD’s line of Zen 2 processors — which includes popular CPUs like the budget-friendly Ryzen 5 3600 — has been discovered that can be exploited to steal sensitive data like passwords and encryption keys. Google security researcher Tavis Ormandy disclosed the “Zenbleed” bug (filed as...