The chip giant scored the flaw as a medium severity one, describing it as a "cross-process information leak." A microcode patch for Epyc 7002 processors is available now. The bug affects all AMD Zen 2 processors including the following series: Ryzen 3000; Ryzen Pro 3000; Ryzen Threadripper 3000; Ryzen 4000 Pro; Ryzen 4000, 5000, and 7020 with Radeon Graphics; and Epyc Rome datacenter processors. AMD today issued a security advisory here, using the identifiers AMD-SB-7008 and CVE-2023-20593 to track the vulnerability. While the exploit runs, it shows off the sensitive data being processed by the box, which can appear in fragments or in whole depending on the code running at the time. It should also work in virtualized guests that run on the bare metal. Proof-of-concept exploit code, produced by Ormandy, is available here, and we've confirmed it works on a Zen 2 Epyc server system when running on bare metal. It's understood a malicious webpage, running some carefully crafted JavaScript, could quietly exploit Zenbleed on a personal computer to snoop on this information. Malware already running on a system, or a rogue logged-in user, can exploit Zenbleed without any special privileges and inspect data as it is being processed by applications and the operating system, which can include sensitive secrets, such as passwords. Exploiting Zenbleed involves abusing speculative execution, though unlike the related Spectre family of design flaws, the bug is pretty easy to exploit. That's practical enough for someone on a shared server, such as a cloud-hosted box, to spy on other tenants. Zenbleed affects Ryzen and Epyc Zen 2 chips, and can be abused to swipe information at a rate of at least 30Kb per core per second.
Think the drive needs a firmware update but it's going in a USB enclosure FWIW. AMD has started issuing some patches for its processors affected by a serious silicon-level bug dubbed Zenbleed that can be exploited by rogue users and malware to steal passwords, cryptographic keys, and other secrets from software running on a vulnerable system. Be interesting what the score would be after disabling the security patches. Of course I ran it on a live system so it's not a 100% representative benchmark of the drive but still looks bad. I ran an HDTune Benchmark as well this morning, caching enabled in the driver, and got subpar scores: In any case I just ordered a Western Digital Blue 3D SATA 6G M.2 drive to replace it yesterday so it should be interesting if things improve. However after Google searching this morning I discovered that the Samsung PM851 drive that is in there is affected by a slowdown issue much like the one affecting the 840 EVO line as both are TLC. I ran the InSpectre Utility and it stated that I am completely patched and protected with minimal system performance effect as supposedly my processor is modern enough not to be affected. You can then at least decide if the patch warrants the speed hit. It will tell you whether you are currently patched against the Spectre and Meltdown vulnerabilities, but more importantly, it may give you the option to disable the Meltdown patch. Anything older than that can't be patched at all, and anything newer (beginning with Haswell) has the CPU feature set which allows the fast fix. Download the utility InSpectre. Since the needed feature for a fast fix is not in the CPU, an inefficient fix (cache flushing) has to be implemented. The slowdown is caused by the fix for Meltdown on Westmere, Sandy Bridge, and Ivy Bridge Intel CPUs.