AMD’s Zen 2 platform could be at risk due to a new bug, named Zenbleed, which was discovered by a Google security researcher.
A new vulnerability has been discovered for older AMD Zen 2 CPUs, like the popular Ryzen 3000 series. This vulnerability could potentially leave your sensitive data at risk, including passwords, logins, and more. The vulnerability was discovered by Google security researcher Tavis Ormandy, who named it “Zenbleed”.
Zenbleed was reported to AMD before Ormandy published a paper in his blog about how the exploit works. The exploit works on all processors which use a Zen 2 core, including certain data center products. The exploit can extract data via any software process running on the CPU itself, including virtual machines.
It’s also believed that the Zenbleed exploit can slow down the performance of Zen 2 CPUs, too.
AMD is already working on a fix, but it’ll take some time
Luckily, AMD is already aware of the issue, and is planning on patching up the AESGA firmware for all affected CPUs. But, you might be waiting until the end of the year.
Subscribe to our newsletter for the latest updates on Esports, Gaming and more.
Cloudflare also explains that the exploit does not require access to a PC to use the Zenbleed exploit, which can be accessed via Javascript. Despite only transferring data at 30kb/s, it is still enough to steam data from any software running on the system.
Even worse, Zenbleed can run completely undetected by your system, since it doesn’t require any special access to use. This means that the vulnerability could leave you at risk. It’s disappointing to see AMD seemingly being so lax with the ETA for a fix, though Ormandy notes that a software fix is possible through software tuning, and would be difficult to implement for many users.
The developer first noticed the exploit in May, and after AMD has seemingly not resolved the issue quickly enough, has gone public with his findings.
AMD currently plans to showcase new graphics cards at Gamescom 2023, such as the RX 7800. But, Zenbleed might cast a looming shadow upon them.