AMD ‘Zenbleed’ bug can leak passwords from Ryzen CPUs (
from to on 25 Jul 2023 11:32 +0000

A new vulnerability impacting AMD’s line of Zen 2 processors — which includes popular CPUs like the budget-friendly Ryzen 5 3600 — has been discovered that can be exploited to steal sensitive data like passwords and encryption keys. Google security researcher Tavis Ormandy disclosed the “Zenbleed” bug (filed as CVE-2023-20593) on his blog this week after first reporting the vulnerability to AMD on May 15th.

The entire Zen 2 product stack is impacted by the vulnerability, including all processors within the AMD Ryzen 3000 / 4000 / 5000 / 7020 series, the Ryzen Pro 3000 / 4000 series, and AMD’s EPYC “Rome” data center processors. AMD has since published its anticipated release timeline for patching out the exploit, with most firmware updates not expected to arrive until later this year. on 25 Jul 2023 20:59 +0000 next

Additional link:…/encryption-breaking-password-le… on 25 Jul 2023 20:59 +0000 next

Write-up: on 29 Jul 2023 15:25 +0000

I didn’t know much about speculative execution until researching this vuln. It’s wild. Execute an instruction and then roll back some flags - what could go wrong?