WARNING: Important sensitive information disclosure vulnerability in AMD Zen CPUs
CVE-2023-20593
Bronnen
Zenbleed - https://lock.cmpxchg8b.com/zenbleed.html#vulnerability
Risico’s
The vulnerability has a HIGH impact on Confidentiality that affects all operating systems, as it is a hardware flaw affecting AMD processors.
Furthermore, exploit code is publicly available for this vulnerability.
Beschrijving
CVE-2023-20593: Disclosure of sensitive information
An issue in AMD’s Zen CPUs, under specific microarchitectural circumstances, allow an attacker to potentially access sensitive information at a rate of 30 kb per core, per second. This is fast enough to monitor encryption keys and passwords as users login.
Aanbevolen acties
The Centre for Cyber Security Belgium strongly recommends system administrators to check with their BIOS or Operating System vendor for an available update.
AMD have also released an microcode update for affected processors.
Referenties
Securityweek - https://www.securityweek.com/wiz-says-62-of-aws-environments-exposed-to-zenbleed-exploitation/
Nist - https://nvd.nist.gov/vuln/detail/CVE-2023-20593