WARNING: Important sensitive information disclosure vulnerability in AMD Zen CPUs
CVE-2023-20593
Sources
Zenbleed - https://lock.cmpxchg8b.com/zenbleed.html#vulnerability
Risks
The vulnerability has a HIGH impact on Confidentiality. Because it is a hardware flaw in AMD processors, it affects all operating systems.
Furthermore, exploit code is publicly available for this vulnerability.
Description
CVE-2023-20593: Disclosure of sensitive information
An issue in AMD’s Zen CPUs allows an attacker, under specific microarchitectural circumstances, to potentially access sensitive information at a rate of 30 kb per core, per second. This is fast enough to monitor encryption keys and passwords as users log in.
Recommended Actions
The Centre for Cyber Security Belgium strongly recommends that system administrators check with their BIOS or Operating System vendor for an available update.
AMD has also released a microcode update for affected processors.
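To support the check recommended above, the following Python script is an added example (not part of this advisory and not AMD or vendor tooling). It reads Linux /proc/cpuinfo text and reports, per AMD logical CPU, whether the loaded microcode revision meets a required revision. The sample input and the REQUIRED table are constructed placeholders; real fixed revisions must be taken from the AMD or OS vendor bulletin.

```python
import re

# Constructed sample in Linux /proc/cpuinfo format; all values are illustrative.
SAMPLE_CPUINFO = """\
processor   : 0
vendor_id   : AuthenticAMD
cpu family  : 23
model       : 1
microcode   : 0x1000

processor   : 1
vendor_id   : AuthenticAMD
cpu family  : 23
model       : 1
microcode   : 0x1005
"""

# Placeholder table (made-up values): (cpu family, model) -> first fixed
# microcode revision. Fill it in from the AMD or OS vendor bulletin.
REQUIRED = {(23, 1): 0x1005}


def parse_cpuinfo(text):
    """Return one dict of fields per logical CPU."""
    cpus = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (line.partition(":") for line in block.splitlines())
        fields = {k.strip(): v.strip() for k, _, v in pairs}
        if "processor" in fields:
            cpus.append(fields)
    return cpus


def audit(text, required):
    """Map logical CPU number -> (status, microcode) for AMD CPUs only."""
    report = {}
    for cpu in parse_cpuinfo(text):
        if cpu.get("vendor_id") != "AuthenticAMD":
            continue
        key = (int(cpu["cpu family"]), int(cpu["model"]))
        rev = cpu.get("microcode")  # field may be absent on some systems
        if rev is None or key not in required:
            status = "unknown"  # nothing to compare against: check manually
        else:
            status = "ok" if int(rev, 16) >= required[key] else "outdated"
        report[int(cpu["processor"])] = (status, rev)
    return report


if __name__ == "__main__":
    print(audit(SAMPLE_CPUINFO, REQUIRED))
```

On a Linux host, pass the contents of /proc/cpuinfo as `text`; any CPU reported as "outdated" or "unknown" should be followed up with the BIOS or Operating System vendor.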
References
Securityweek - https://www.securityweek.com/wiz-says-62-of-aws-environments-exposed-to-zenbleed-exploitation/
NIST - https://nvd.nist.gov/vuln/detail/CVE-2023-20593