2023-07-25 14:30:00
Among the CPUs concerned, the Ryzen 3000 desktop chips, but also the mobile Ryzen 4000 and 5000 series, as well as the APUs for the latest generation “7020” laptops. As pointed out The Vergethe Ryzen Pro 3000 and 4000 are also impacted, in the same way as the AMD EPYC “Rome” processors on the servers / supercomputers side.
In detail and according to information from Cloudflare, this new flaw does not require physical access to the targeted computer to attack the system. In some cases, it can indeed be operated remotely using Javascript through a simple web page. Once exploited, the flaw could allow an attacker to transfer data at a speed of 30 kbit per CPU core per second.
A meager transfer speed, but more than enough to steal sensitive data from any software running on the system. A remark that extends to virtual machines or even processes, among others. We also learn that the exploit used to take advantage of this flaw is flexible enough to lead to user monitoring within a Cloud instance, for example.
Finally, the exploit is particularly difficult to detect as it is. ” I don’t know of any reliable technique to detect exploitation “, has also admitted Travis Ormandy. The Verge also points out that this flaw has points in common with Spectre, while being easier to exploit… which in this sense brings it closer to these Meltdown-type exploits.
1690296665
#Zenbleed #flaw #leak #passwords #crypto #keys #concerned