Announcement

Collapse
No announcement yet.

Linux Kernel Mitigated For "Zenbleed" Vulnerability Affecting AMD Zen 2 CPUs

Collapse
X
Collapse
 
  • Page of 5
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 2 3 4 5 template Next
  • #1

    Linux Kernel Mitigated For "Zenbleed" Vulnerability Affecting AMD Zen 2 CPUs

    Phoronix: Linux Kernel Mitigated For "Zenbleed" Vulnerability Affecting AMD Zen 2 CPUs

    It looks like the updated Family 17h microcode this morning isin relation to a new Zen 2 CPU security vulnerability being disclosed. The Linux kernel has also just received a patch for this "Zenbleed" vulnerability for older AMD CPUs...

    Linux Kernel Mitigated For "Zenbleed" Vulnerability Affecting AMD Zen 2 CPUs - Phoronix
    https://www.phoronix.com/news/Linux-Mitigate-Zenbleed
    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite
    Tags: None
  • #2
    The original website is suffering huge traffic and is not responsive atm, here's the webarchive:

    Zenbleed
    https://web.archive.org/web/20230724143835/https://lock.cmpxchg8b.com/zenbleed.html


    TLDR, another bug of the branch predictor that could leak in-memory data affecting all Zen2 processors.
    • Likes 7

    Comment

    • #3
      From what I could find out, this vulnerability is quite serious as it can be exploited through javascript. Also, the firmware fixes are apparently only targeting EPYC at this point, not consumer CPUs.
      • Likes 1

      Comment

      • #4
        What is the reason these exploits are disclosed so soon after the fixes are released?
        To quote the author,
        I found this bug by fuzzing, big surprise
        Nobody else in the world probably knew of this exploit, and wouldn't have if it wasn't publicly disclosed. Wouldn't it be better to wait weeks, if not months after releasing the binary blob firmware updates?
        • Likes 10

        Comment

        • #5
          from article
          "is morning isin relation"
          -> is in

          And thanks for the heads-up, Michael.
          Stop TCPA, stupid software patents and corrupt politicians!
          • Likes 1

          Comment

          • #6
            Originally posted by peppercats View Post
            Nobody else in the world probably knew of this exploit, and wouldn't have if it wasn't publicly disclosed. Wouldn't it be better to wait weeks, if not months after releasing the binary blob firmware updates?
            Ahh yes, security through obfuscation. That always works out real well.
            • Likes 6

            Comment

            • #7
              Originally posted by andyprough View Post

              Ahh yes, security through obfuscation. That always works out real well.
              It sounds more like "Get the fixes out as quickly as possible, and try to limit the potential exploiters to the most knowledgable/skilled ones during the period when people haven't applied them yet".
              • Likes 13

              Comment

              • #8
                Originally posted by andyprough View Post

                Ahh yes, security through obfuscation. That always works out real well.
                It works better than announcing a severe security exploit that affects a significant portion of all existing desktop & server computers after an update just released oh... a few hours ago.
                • Likes 15

                Comment

                • #9
                  AMD good Intel bad
                  • Likes 3

                  Comment

                  • #10
                    The exploit code tarball readme mentions that AMD broke the embargo early so they started rushing disclosure to distros and such.
                    • Likes 5

                    Comment

                    Previous 1 2 3 4 5 template Next
                    Working...
                    X