Skip Navigation

InGameLoop relies on readers. We may earn commissions when you purchase through our links. Check Affiliate Disclosure

AMD ‘Zenbleed’ bug can leak passwords from Ryzen CPUs

The 'Zenbleed' vulnerability affects AMD Ryzen processors, which are widely known for their exceptional performance...

AMD ‘Zenbleed’ bug can leak passwords from Ryzen CPUs

The ‘Zenbleed’ vulnerability affects AMD Ryzen processors, which are widely known for their exceptional performance and value. Discovered by security researchers, the bug exploits a flaw in the Predictive Store Forwarding (PSF) feature of the Ryzen CPUs. PSF is designed to improve processor performance by predicting memory addresses for store operations. However, attackers can leverage this mechanism to leak sensitive data, such as passwords, from the CPU’s internal memory.

AMD has recently announced the discovery of a new vulnerability affecting its Zen 2 processors, which includes popular CPUs like the Ryzen 5 3600. The vulnerability, known as “Zenbleed” (CVE-2023-20593), was disclosed by Google security researcher Tavis Ormandy on his blog. It affects the entire Zen 2 product stack, including AMD Ryzen 3000, 4000, 5000, and 7020 series, Ryzen Pro 3000 and 4000 series, and AMD’s EPYC “Rome” data center processors.

Unlike some exploits, Zenbleed doesn’t require physical access to the computer and can be executed remotely through JavaScript on a webpage. This means that attackers can potentially steal sensitive data like passwords and encryption keys from impacted systems. The exploit allows data to be transferred at a rate of 30 kb per core per second, making it possible to steal data from various software running on the system, including virtual machines, sandboxes, containers, and processes. Cloudflare warns that attackers can even steal data from cloud-hosted services on affected systems.

To address the issue, AMD has already released a microcode patch for second-generation Epyc 7002 processors. However, updates for other CPU lines, including Ryzen and EPYC processors, are expected to be released in October 2023 or later. AMD is closely collaborating with customers and partners to mitigate any potential impact on their systems while developing and deploying patches for the affected processors. Although AMD has not disclosed whether these updates will affect system performance, it remains a possibility.

As AMD continues to work on resolving the Zenbleed vulnerability, users are advised to remain vigilant and stay informed about firmware updates and security advisories from the company.

Best Practices for Users:

In addition to AMD’s efforts, users can take proactive steps to safeguard their systems and data:

  • Update Firmware: Regularly check for firmware updates from your motherboard manufacturer and promptly install any patches addressing the ‘Zenbleed’ vulnerability.
  • Use Strong Passwords: Ensure that you use strong, unique passwords for all your accounts. Employing a password manager can help you manage and generate complex passwords securely.
  • Enable Multi-Factor Authentication (MFA): Whenever possible, enable MFA for your online accounts. MFA adds an extra layer of security, making it significantly more challenging for attackers to gain unauthorized access.
  • Stay Informed: Keep abreast of the latest security advisories from AMD and other hardware manufacturers. Being informed about potential risks allows you to take timely action to protect your system.
Sajid Ali

CEO, Lead Writer

Sajid Ali is a tech enthusiast and gamer who loves to write reviews about gaming hardware. He has a passion for staying up-to-date with the latest technological advancements and loves sharing his knowledge with others. Sajid studied Intermediate Computer Science at Degree College and went on to earn his Bachelor's in Computer Science from GSC. In his free time, you can find him testing out new hardware and software, or playing the latest video games. Sajid's in-depth understanding of computers and his love for gaming make him the perfect author to turn to for all things tech and gaming.