New Zenbleed Vulnerability: What It Is, How to Fix It

Zenbleed (CVE-2023-20593) was announced today. This is a vulnerability affecting AMD processors based on the Zen2 microarchitecture (certain EPYC CPUs used in datacenter servers and Ryzen/Threadripper CPUs used in desktop/laptop computers). The bug is a speculative execution bug, but somewhat different from the speculative execution side channel bugs we’ve seen in the past (eg, Meltdown and Spectre).

What does the Zenbleed vulnerability do?

The Zenbleed bug allows an attacker to exfiltrate information from sibling processes or VMs without any special privilege. For example, using this vulnerability, an attacker might be able to view sensitive information being processed in another application or VM running on the same machine (things like passwords, SSH keys, etc). The disclosure of this bug was accompanied with a PoC (proof of concept code), indicating that the means to exploit this vulnerability is already out there.

How do you fix it?

Since this vulnerability is caused by a CPU hardware bug, the only real fix is to update your CPU microcode (or use a patched base OS/hypervisor that has a specific workaround for this issue, if no new microcode is available for the CPU you are using). CPU microcode updates can be applied by updating the BIOS on your machine, and/or applied at OS kernel load time if a BIOS update cannot be applied or is unavailable.

Today, new Linux kernels were released to address this vulnerability. Deepfactor strongly recommends upgrading to these kernels as soon as you can (this includes server infrastructure, as well as developer machines). The steps required to upgrade your kernel vary by Linux distribution; consult your distribution’s web site for instructions (typically this involves just a couple of commands and a reboot). Please note that this bug affects all operating systems running on the affected CPUs, so if you’re running another OS (Windows, for example), you should check with your OS vendor for patches.

Be vigilant, from application security to hardware

While this CVE is not something typically associated with what Deepfactor helps detect (we detect application vulnerabilities and correlate those vulnerabilities based on dependency usage), we wanted to remind all our customers and partners that IT security is a wide field and runs the gamut from application security all the way down to hardware bugs. It’s always important to remember to keep all levels of your infrastructure patched and up to date.

Stay safe and secure out there! And if you would like to understand what Deepfactor helps detect, you can watch this 12-minute demo video.

Frequently Asked Questions

1. What is the Zenbleed vulnerability (CVE-2023-20593) and who does it affect?

Answer: Zenbleed is a vulnerability affecting AMD processors based on the Zen2 microarchitecture, including certain EPYC CPUs used in datacenter servers and Ryzen/Threadripper CPUs used in desktop/laptop computers. It is a speculative execution bug that allows attackers to exfiltrate information from sibling processes or virtual machines without requiring special privileges.

2. How does the Zenbleed vulnerability exploit work?

Answer: The Zenbleed vulnerability enables attackers to view sensitive information processed in other applications or VMs running on the same machine. This could include confidential data such as passwords, SSH keys, and other sensitive information.

3. What is the recommended fix for the Zenbleed vulnerability?

Answer: Since Zenbleed is caused by a CPU hardware bug, the primary fix is to update the CPU microcode. This can be done by updating the BIOS on your machine or applying microcode updates at OS kernel load time if a BIOS update is not available. New Linux kernels have been released to address this vulnerability, so it is strongly recommended to upgrade to these kernels as soon as possible.

4. How can users upgrade their Linux kernels to mitigate the Zenbleed vulnerability?

Answer: The steps to upgrade your kernel may vary depending on your Linux distribution. Typically, it involves running a couple of commands and rebooting the system. Users are advised to consult their distribution’s website for specific instructions on upgrading their kernel.