Update 7/24/23 5:40pm PT: Added a statement from Google and also a full list of all impacted processors and the expected dates for patches for each model.
Update 7/24/23 1:30pm PT: AMD has responded with key details and published a security advisory with the expected dates for new firmwares, many of which don't arrive until the end of the year. We have added that information to the original article below.
Original Article Published 7/24/23 8:45am PT:
AMD didn't have an advisory ready at the time of publication, but the company did add the AMD-SB-7008 Bulletin several hours later. AMD has patches ready for its EPYC 7002 'Rome' processors now, but it will not patch its consumer Zen 2 Ryzen 3000, 4000, and some 5000-series chips until November and December of this year. AMD's processors used in the PS5, Xbox Series X and S, and Steam Deck are all also powered by Zen 2 chips, but it remains unclear if those are impacted. We're following up for more details. We have added details further below about mitigation schedules.
AMD hasn't given specific details of any performance impacts but did issue the following statement to Tom's Hardware: “Any performance impact will vary depending on workload and system configuration. AMD is not aware of any known exploit of the described vulnerability outside the research environment.”
AMD's statement implies there will be some performance impact from the patches, but we'll have to conduct independent benchmarks when the patches arrive for the consumer Ryzen products. In the meantime, we've asked AMD for any ballpark figures it can share.
The Zenbleed vulnerability is filed as CVE-2023-20593 and allows data exfiltration (theft) at a rate of 30kb per core, per second, thus providing adequate throughput to steal sensitive information flowing through the processor. This attack works across all software running on the processor, including virtual machines, sandboxes, containers, and processes. The ability for this attack to read data across virtual machines is particularly threatening for cloud service providers and those who use cloud instances.
The attack can be accomplished via unprivileged arbitrary code execution. Ormandy has posted a security research repository and code for the exploit. The attack works by manipulating the register files to force a mispredicted command (meaning it eploits the speculative execution engine), as described below:
"The bug works like this, first of all you need to trigger something called the XMM Register Merge Optimization2, followed by a register rename and a mispredicted vzeroupper. This all has to happen within a precise window to work.
We now know that basic operations like strlen, memcpy and strcmp will use the vector registers - so we can effectively spy on those operations happening anywhere on the system! It doesn’t matter if they’re happening in other virtual machines, sandboxes, containers, processes, whatever!
This works because the register file is shared by everything on the same physical core. In fact, two hyperthreads even share the same physical register file," says Ormandy.
AMD describes the exploit much more simply, saying, "Under specific microarchitectural circumstances, a register in “Zen 2” CPUs may not be written to 0 correctly. This may cause data from another process and/or thread to be stored in the YMM register, which may allow an attacker to potentially access sensitive information."
Ormandy says the bug can be patched through a software approach for multiple operating systems (e.g., "you can set the chicken bit DE_CFG"), but this might result in a performance penalty. Ormandy says it is highly recommended to get the microcode update, but his post also has examples of software mitigations for other operating systems, too.
Here's a list of the impacted processors, and the schedule for the release of the AGESA versions to OEMs:
|Processor||Agesa Firmware||Availability to OEMs||Microcode|
|2nd-Gen AMD EPYC Rome Processors||RomePI 1.0.0.H||Now||0x0830107A|
|Ryzen 3000 Series “Matisse”||ComboAM4v2PI_1.2.0.C | ComboAM4PI_1.0.0.C||Target Dec 2023 for both||?|
|Ryzen 4000 Series "Renoir" AM4||ComboAM4v2PI_1.2.0.C||Target Dec 2023||?|
|Threadripper 3000-Series "Caslle Peak"||CastlePeakPI-SP3r3 1.0.0.A||Target Oct 2023||?|
|Threadripper PRO 3000WX-Series "Castle Peak"||CastlePeakWSPI-sWRX8 1.0.0.C | ChagallWSPI-sWRX8 126.96.36.199||Target Nov 2023 | Target Dec 2023||?|
|Ryzen 5000 Series Mobile "Lucienne"||CezannePI-FP6_188.8.131.52||Target Dec 2023||?|
|Ryzen 4000 Series Mobile "Renoir"||RenoirPI-FP6_1.0.0.D||Target Nov 2023||?|
|Ryzen 7020 Series "Mendocino"||MendocinoPI-FT6_184.108.40.206||Target Dec 2023||?|
Below, we have a more detailed list with the model number of each impacted chip and the expected data for the new AGESA to arrive. AMD's AGESA is a code foundation upon which the OEMs build BIOS revisions. You will need to update to a BIOS with the above-listed AGESA code, or newer, to patch your system.
“We are aware of the AMD hardware security vulnerability described in CVE-2023-20593, which was discovered by Tavis Ormandy, a Security Researcher at Google, and we have worked with AMD and industry partners closely. We have worked to address the vulnerability across Google platforms.” - Google spokesperson to Tom's Hardware.
Ormandy says he reported the issue to AMD on May 15, 2023. Ormandy also credits his colleagues; "I couldn’t have found it without help from my colleagues, in particular Eduardo Vela Nava and Alexandra Sandulescu. I also had help analyzing the bug from Josh Eads."
|Desktop CPU||New Agesa Firmware Version||Patch Due|
|Ryzen 3 3100||ComboAM4v2PI_1.2.0.C | ComboAM4PI_1.0.0.C||Dec 2023|
|Ryzen 3 3300X||ComboAM4v2PI_1.2.0.C | ComboAM4PI_1.0.0.C||Dec 2023|
|Ryzen 3 4100||ComboAM4v2PI_1.2.0.C||Nov 2023|
|Ryzen 3 4300G||ComboAM4v2PI_1.2.0.C||Dec 2023|
|Ryzen 3 4300GE||ComboAM4v2PI_1.2.0.C||Dec 2023|
|Ryzen 4700S||ComboAM4v2PI_1.2.0.C||Nov 2023|
|Ryzen 5 3500||ComboAM4v2PI_1.2.0.C | ComboAM4PI_1.0.0.C||Dec 2023|
|Ryzen 5 3500X||ComboAM4v2PI_1.2.0.C | ComboAM4PI_1.0.0.C||Dec 2023|
|Ryzen 5 3600||ComboAM4v2PI_1.2.0.C | ComboAM4PI_1.0.0.C||Dec 2023|
|Ryzen 5 3600X||ComboAM4v2PI_1.2.0.C | ComboAM4PI_1.0.0.C||Dec 2023|
|Ryzen 5 3600XT||ComboAM4v2PI_1.2.0.C | ComboAM4PI_1.0.0.C||Dec 2023|
|Ryzen 5 4500||ComboAM4v2PI_1.2.0.C||Nov 2023|
|Ryzen 5 4600G||ComboAM4v2PI_1.2.0.C||Dec 2023|
|Ryzen 5 4600GE||ComboAM4v2PI_1.2.0.C||Dec 2023|
|Ryzen 7 3700X||ComboAM4v2PI_1.2.0.C | ComboAM4PI_1.0.0.C||Dec 2023|
|Ryzen 7 3800X||ComboAM4v2PI_1.2.0.C | ComboAM4PI_1.0.0.C||Dec 2023|
|Ryzen 7 3800XT||ComboAM4v2PI_1.2.0.C | ComboAM4PI_1.0.0.C||Dec 2023|
|Ryzen 7 4700G||ComboAM4v2PI_1.2.0.C||Dec 2023|
|Ryzen 7 4700GE||ComboAM4v2PI_1.2.0.C||Dec 2023|
|Ryzen 9 3900||ComboAM4v2PI_1.2.0.C | ComboAM4PI_1.0.0.C||Dec 2023|
|Ryzen 9 3900X||ComboAM4v2PI_1.2.0.C | ComboAM4PI_1.0.0.C||Dec 2023|
|Ryzen 9 3900XT||ComboAM4v2PI_1.2.0.C | ComboAM4PI_1.0.0.C||Dec 2023|
|Ryzen 9 3950X||ComboAM4v2PI_1.2.0.C | ComboAM4PI_1.0.0.C||Dec 2023|
|Ryzen Threadripper 3960X||CastlePeakWSPI-sWRX8 1.0.0.C | ChagallWSPI-sWRX8 220.127.116.11||Nov 2023 / Dec 2023|
|Ryzen Threadripper 3970X||CastlePeakWSPI-sWRX8 1.0.0.C | ChagallWSPI-sWRX8 18.104.22.168||Nov 2023 / Dec 2023|
|Ryzen Threadripper 3990X||CastlePeakWSPI-sWRX8 1.0.0.C | ChagallWSPI-sWRX8 22.214.171.124||Nov 2023 / Dec 2023|
|Ryzen Threadripper Pro 3945WX||CastlePeakWSPI-sWRX8 1.0.0.C | ChagallWSPI-sWRX8 126.96.36.199||Nov 2023 / Dec 2023|
|Ryzen Threadripper Pro 3955WX||CastlePeakWSPI-sWRX8 1.0.0.C | ChagallWSPI-sWRX8 188.8.131.52||Nov 2023 / Dec 2023|
|Ryzen Threadripper Pro 3975WX||CastlePeakWSPI-sWRX8 1.0.0.C | ChagallWSPI-sWRX8 184.108.40.206||Nov 2023 / Dec 2023|
|Ryzen Threadripper Pro 3995WX||CastlePeakWSPI-sWRX8 1.0.0.C | ChagallWSPI-sWRX8 220.127.116.11||Nov 2023 / Dec 2023|
|Mobile CPU||New Agesa Firmware Version||Patch Due|
|Ryzen 3 4300U||RenoirPI-FP6_1.0.0.D||Nov 2023|
|Ryzen 3 5300U||CezannePI-FP6_18.104.22.168||Dec 2023|
|Ryzen 3 7320U||MendocinoPI-FT6_22.214.171.124||Dec 2023|
|Ryzen 5 4500U||RenoirPI-FP6_1.0.0.D||Nov 2023|
|Ryzen 5 4600H||RenoirPI-FP6_1.0.0.D||Nov 2023|
|Ryzen 5 4600HS||RenoirPI-FP6_1.0.0.D||Nov 2023|
|Ryzen 5 4600U||RenoirPI-FP6_1.0.0.D||Nov 2023|
|Ryzen 5 4680U||RenoirPI-FP6_1.0.0.D||Nov 2023|
|Ryzen 5 5500U||CezannePI-FP6_126.96.36.199||Dec 2023|
|Ryzen 5 7520U||MendocinoPI-FT6_188.8.131.52||Dec 2023|
|Ryzen 7 4700U||RenoirPI-FP6_1.0.0.D||Nov 2023|
|Ryzen 7 4800U||RenoirPI-FP6_1.0.0.D||Nov 2023|
|Ryzen 7 4980U||RenoirPI-FP6_1.0.0.D||Nov 2023|
|Ryzen 7 5700U||CezannePI-FP6_184.108.40.206||Dec 2023|
|Ryzen 9 4900H||RenoirPI-FP6_1.0.0.D||Nov 2023|
|Ryzen 9 4800H||RenoirPI-FP6_1.0.0.D||Nov 2023|
|Ryzen 9 4800HS||RenoirPI-FP6_1.0.0.D||Nov 2023|
|Ryzen 9 4900HS||RenoirPI-FP6_1.0.0.D||Nov 2023|
|Server CPU||New Agesa Firmware Version||Patch Available|
|EPYC 7232P||RomePI 1.0.0.H||Now|
|EPYC 7252||RomePI 1.0.0.H||Now|
|EPYC 7262||RomePI 1.0.0.H||Now|
|EPYC 7272||RomePI 1.0.0.H||Now|
|EPYC 7282||RomePI 1.0.0.H||Now|
|EPYC 7302||RomePI 1.0.0.H||Now|
|EPYC 7302P||RomePI 1.0.0.H||Now|
|EPYC 7352||RomePI 1.0.0.H||Now|
|EPYC 7402||RomePI 1.0.0.H||Now|
|EPYC 7402P||RomePI 1.0.0.H||Now|
|EPYC 7452||RomePI 1.0.0.H||Now|
|EPYC 7502||RomePI 1.0.0.H||Now|
|EPYC 7502P||RomePI 1.0.0.H||Now|
|EPYC 7532||RomePI 1.0.0.H||Now|
|EPYC 7542||RomePI 1.0.0.H||Now|
|EPYC 7552||RomePI 1.0.0.H||Now|
|EPYC 7642||RomePI 1.0.0.H||Now|
|EPYC 7662||RomePI 1.0.0.H||Now|
|EPYC 7702||RomePI 1.0.0.H||Now|
|EPYC 7702P||RomePI 1.0.0.H||Now|
|EPYC 7742||RomePI 1.0.0.H||Now|
|EPYC 7F32||RomePI 1.0.0.H||Now|
|EPYC 7F52||RomePI 1.0.0.H||Now|
|EPYC 7F72||RomePI 1.0.0.H||Now|
|EPYC 7H12||RomePI 1.0.0.H||Now|