New Zenbleed Vulnerability: What It Is, How to Fix It

Zenbleed (CVE-2023-20593) was announced today. This is a vulnerability affecting AMD processors based on the Zen2 microarchitecture (certain EPYC CPUs used in datacenter servers and Ryzen/Threadripper CPUs used in desktop/laptop computers). The bug is a speculative execution bug, but somewhat different from the speculative execution side channel bugs we’ve seen in the past (eg, Meltdown and Spectre).

What does the Zenbleed vulnerability do?

The Zenbleed bug allows an attacker to exfiltrate information from sibling processes or VMs without any special privilege. For example, using this vulnerability, an attacker might be able to view sensitive information being processed in another application or VM running on the same machine (things like passwords, SSH keys, etc). The disclosure of this bug was accompanied with a PoC (proof of concept code), indicating that the means to exploit this vulnerability is already out there.

How do you fix it?

Since this vulnerability is caused by a CPU hardware bug, the only real fix is to update your CPU microcode (or use a patched base OS/hypervisor that has a specific workaround for this issue, if no new microcode is available for the CPU you are using). CPU microcode updates can be applied by updating the BIOS on your machine, and/or applied at OS kernel load time if a BIOS update cannot be applied or is unavailable.

Today, new Linux kernels were released to address this vulnerability. Deepfactor strongly recommends upgrading to these kernels as soon as you can (this includes server infrastructure, as well as developer machines). The steps required to upgrade your kernel vary by Linux distribution; consult your distribution’s web site for instructions (typically this involves just a couple of commands and a reboot). Please note that this bug affects all operating systems running on the affected CPUs, so if you’re running another OS (Windows, for example), you should check with your OS vendor for patches.

Be vigilant, from application security to hardware

While this CVE is not something typically associated with what Deepfactor helps detect (we detect application vulnerabilities and correlate those vulnerabilities based on dependency usage), we wanted to remind all our customers and partners that IT security is a wide field and runs the gamut from application security all the way down to hardware bugs. It’s always important to remember to keep all levels of your infrastructure patched and up to date.

Stay safe and secure out there! And if you would like to understand what Deepfactor helps detect, you can watch this 12-minute demo video.