We are writing this post in response to a customer query about the newly identified vulnerability, CVE-2023-20593, also known as “Zenbleed.” This vulnerability affects certain AMD Zen processors which – of course – some of our customers are running. As always, we at Hivelocity are committed to your security, so in this post we’ll be providing some critical information about the vulnerability and the steps to take to ensure your data remains secured.

The Zenbleed Vulnerability: An Overview

Zenbleed is a use-after-free vulnerability related to the improper handling of an instruction, ‘vzeroupper’, during speculative execution in certain AMD processors. To put it in simpler terms, under certain conditions, a register in “Zen 2” CPUs may not be correctly zeroed. This could potentially allow an attacker to access sensitive information.

Affected Versions:

This vulnerability affects the following processors:

  • AMD Ryzen 3000 Series
  • AMD Ryzen PRO 3000 Series
  • AMD Ryzen Threadripper 3000 Series
  • AMD Ryzen 4000 Series with Radeon Graphics
  • AMD Ryzen PRO 4000 Series
  • AMD Ryzen 5000 Series with Radeon Graphics
  • AMD Ryzen 7020 Series with Radeon Graphics
  • AMD EPYC “Rome” Processors

How to Determine Vulnerability

You can check if your server is vulnerable by following the PoC (Proof of Concept) write-up available on GitHub: Zenbleed PoC Writeup.

We’ve included a brief overview of the necessary steps below:

  1. Install dependencies
  2. Download the Zenbleed vulnerability test
  3. Compile and run the test
  4. Generate traffic if your server isn’t busy
  5. Check the results

A server showing vulnerability to Zenbleed should produce results similar to this tweet.

Patching the Vulnerability

For Ubuntu and Debian users, microcode updates that patch the Zenbleed vulnerability have been released:

  • Ubuntu users can follow the instructions in this advisory and update the system accordingly.
  • Debian users can refer to this advisory and apply the necessary updates.
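To confirm on a Linux host whether the CPU falls in the affected family and whether the running microcode is at or above a fixed revision, the following added example (not Hivelocity's code and not part of the PoC) parses `/proc/cpuinfo` text. The model ranges are an assumption to confirm against the kernel patch, and the threshold in the sample is a constructed placeholder: take the real fixed revision from the AMD or distribution advisory.

```python
# Assumption: Zen 2 parts report "cpu family : 23" (0x17). The model ranges are
# an assumed grouping; confirm them against the kernel patch the post links to.
ZEN2_MODEL_RANGES = [(0x30, 0x3F), (0x60, 0x67), (0x68, 0x6F), (0x70, 0x7F), (0xA0, 0xAF)]

# Constructed sample in /proc/cpuinfo layout (one processor block, trimmed).
SAMPLE_CPUINFO = """\
processor\t: 0
vendor_id\t: AuthenticAMD
cpu family\t: 23
model\t\t: 49
model name\t: AMD EPYC 7402P 24-Core Processor
microcode\t: 0x8301000
"""

# PLACEHOLDER value, not a real fixed revision: fill in from the advisory.
SAMPLE_FIXED_REVS = {(0x30, 0x3F): 0x8301100}

def parse_cpuinfo(text):
    """Return the key/value fields of the first processor block."""
    fields = {}
    for line in text.splitlines():
        if not line.strip():
            if fields:
                break  # blank line ends the first processor block
            continue
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return fields

def assess(text, fixed_revs):
    """Return 'not-affected', 'patched', 'needs-microcode' or 'unknown'."""
    cpu = parse_cpuinfo(text)
    try:
        family, model = int(cpu["cpu family"]), int(cpu["model"])
    except (KeyError, ValueError):
        return "unknown"
    if cpu.get("vendor_id") != "AuthenticAMD" or family != 23:
        return "not-affected"
    rng = next((r for r in ZEN2_MODEL_RANGES if r[0] <= model <= r[1]), None)
    try:
        running = int(cpu["microcode"], 16)
        fixed = fixed_revs[rng]
    except (KeyError, ValueError):
        return "unknown"  # model outside the assumed ranges, or no revision supplied
    return "patched" if running >= fixed else "needs-microcode"

if __name__ == "__main__":
    print(assess(SAMPLE_CPUINFO, SAMPLE_FIXED_REVS))
```

On a real host, pass the contents of `/proc/cpuinfo` and a table of fixed revisions taken from the advisory; re-run it after the update and a reboot (or a late microcode load) to confirm the new revision is active.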

Our Security team is working closely with Supermicro to make a BIOS firmware update available for all of our clients as well. When we have this patch, we will amend this post to include links to it.

We understand the severity of this situation and are doing everything we can to mitigate any potential risks. For more information about the Zenbleed vulnerability, we recommend the detailed write-up by lock.cmpxchg8b.com and the kernel patch on git.kernel.org.

To stay up to date on new operating system and BIOS patches, follow us on Twitter.

We appreciate your patience and understanding as we navigate this situation together. As always, we’re here to answer any questions and concerns you might have. Please do not hesitate to get in touch.

Hivelocity, as always, committed to your success and security.
