Topic: Vulnerability of Zen 2 processors (Read 35 times)
Holy moly, this is crazy. Glad I don't have AMD processor, been a Intel fan since early 2012s. I am sure this vulnerability is here since months if not year(s). Imagine getting attack just because your CPU has a vulnerability, and every page on the modern world wide web consists of JavaScript, so you can't even save yourself from this attack. Those with the same processors, I would recommend keeping Malwarebytes running, it will surely prevent from known rootkits and viruses.
Update 7/24/23 5:40pm PT: Added a statement from Google and also a full list of all impacted processors and the expected dates for patches for each model.
Update 7/24/23 1:30pm PT: AMD has responded with key details and published a security advisory with the expected dates for new firmwares, many of which don't arrive until the end of the year. We have added that information to the original article below.
Original Article Published 7/24/23 8:45am PT:
Tavis Ormandy, a researcher with Google Information Security, posted today about a new vulnerability he independently found in AMD's Zen 2 processors. The 'Zenbleed' vulnerability spans the entire Zen 2 product stack, including AMD's EPYC data center processors and the Ryzen 3000/4000/5000 CPUs, allowing the theft of protected information from the CPU, such as encryption keys and user logins. The attack does not require physical access to the computer or server and can even be executed via javascript on a webpage.
https://www.tomshardware.com/news/zenbleed-bug-allows-data-theft-from-amds-zen-2-processors-patches-released
Update 7/24/23 1:30pm PT: AMD has responded with key details and published a security advisory with the expected dates for new firmwares, many of which don't arrive until the end of the year. We have added that information to the original article below.
Original Article Published 7/24/23 8:45am PT:
Tavis Ormandy, a researcher with Google Information Security, posted today about a new vulnerability he independently found in AMD's Zen 2 processors. The 'Zenbleed' vulnerability spans the entire Zen 2 product stack, including AMD's EPYC data center processors and the Ryzen 3000/4000/5000 CPUs, allowing the theft of protected information from the CPU, such as encryption keys and user logins. The attack does not require physical access to the computer or server and can even be executed via javascript on a webpage.
https://www.tomshardware.com/news/zenbleed-bug-allows-data-theft-from-amds-zen-2-processors-patches-released
Jump to: