Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


AMD 'Zenbleed' vulnerability
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

AMD 'Zenbleed' vulnerability

crunchbitscrunchbits Member, Patron Provider, Top Host
edited July 2023 in News

Had a few pings about this (thank you!), haven't seen any mention on here but I know plenty of providers/users running Zen2 stuff.

Quick blog update from us

Seems like a pretty serious bug, and the exploit is public. Information will likely change often so don't hold my feet to the flame too hard--just trying to raise awareness so nobody wakes up to a wiped server.

Comments

  • jarjar Patron Provider, Top Host, Veteran

    Now where are all of the "If they don't use AMD processors they can't be trusted" (paraphrased) crowd. I swear I recall a bunch of people acting like that, might have even been me.

  • crunchbitscrunchbits Member, Patron Provider, Top Host

    @jar said:
    Now where are all of the "If they don't use AMD processors they can't be trusted" (paraphrased) crowd. I swear I recall a bunch of people acting like that, might have even been me.

    I missed this, but can definitely imagine it. Luckily we've been a bi-curious CPU shop for awhile.

    Thanked by 1jar
  • Fix #5 for providers
    Upgrade to zen3 for free

    Thanked by 1yoursunny
  • jarjar Patron Provider, Top Host, Veteran

    @crunchbits said:

    @jar said:
    Now where are all of the "If they don't use AMD processors they can't be trusted" (paraphrased) crowd. I swear I recall a bunch of people acting like that, might have even been me.

    I missed this, but can definitely imagine it. Luckily we've been a bi-curious CPU shop for awhile.

    I've almost phased them all out for Intel boxes again. Mitigations have proven acceptable and it's still easier to get slightly aged systems lying around.

  • From Tavis Ormandy awesome research!
    https://lock.cmpxchg8b.com/zenbleed.html

    Thanked by 1Not_Oles
  • PulsedMediaPulsedMedia Member, Patron Provider

    Proxmox doesn't seem to have mitigation out yet, hopefully very soon.

  • PulsedMediaPulsedMedia Member, Patron Provider
    edited July 2023

    This technique is CVE-2023-20593 and it works on all Zen 2 class processors, which includes at least the following products:

    AMD Ryzen 3000 Series Processors
    AMD Ryzen PRO 3000 Series Processors
    AMD Ryzen Threadripper 3000 Series Processors
    AMD Ryzen 4000 Series Processors with Radeon Graphics
    AMD Ryzen PRO 4000 Series Processors
    AMD Ryzen 5000 Series Processors with Radeon Graphics
    AMD Ryzen 7020 Series Processors with Radeon Graphics
    AMD EPYC “Rome” Processors

    We have very few Zen2. Zen1, Zen3 sure, but not many Zen2.

  • AbdAbd Member, Patron Provider

    Thanks. :)

  • mxmlamxmla Member, Patron Provider

    @PulsedMedia said:
    Proxmox doesn't seem to have mitigation out yet, hopefully very soon.

    Debian released the microcode update for sid a few hours ago: https://packages.debian.org/sid/amd64-microcode

    You can just download it, install it and reboot. Worked flawlessly on all our Servers.

  • wdmgwdmg Member, LIR
    edited July 2023

    @PulsedMedia said:

    This technique is CVE-2023-20593 and it works on all Zen 2 class processors, which includes at least the following products:

    AMD Ryzen 3000 Series Processors
    AMD Ryzen PRO 3000 Series Processors
    AMD Ryzen Threadripper 3000 Series Processors
    AMD Ryzen 4000 Series Processors with Radeon Graphics
    AMD Ryzen PRO 4000 Series Processors
    AMD Ryzen 5000 Series Processors with Radeon Graphics
    AMD Ryzen 7020 Series Processors with Radeon Graphics
    AMD EPYC “Rome” Processors

    We have very few Zen2. Zen1, Zen3 sure, but not many Zen2.

    Yeah there's not much, just a few of them (83 listed): https://en.wikichip.org/wiki/amd/microarchitectures/zen_2#All_Zen_2_Chips

    Even this list is missing a few chips.

  • PulsedMediaPulsedMedia Member, Patron Provider

    @wdmg said:

    @PulsedMedia said:

    This technique is CVE-2023-20593 and it works on all Zen 2 class processors, which includes at least the following products:

    AMD Ryzen 3000 Series Processors
    AMD Ryzen PRO 3000 Series Processors
    AMD Ryzen Threadripper 3000 Series Processors
    AMD Ryzen 4000 Series Processors with Radeon Graphics
    AMD Ryzen PRO 4000 Series Processors
    AMD Ryzen 5000 Series Processors with Radeon Graphics
    AMD Ryzen 7020 Series Processors with Radeon Graphics
    AMD EPYC “Rome” Processors

    We have very few Zen2. Zen1, Zen3 sure, but not many Zen2.

    Yeah there's not much, just a few of them (83 listed): https://en.wikichip.org/wiki/amd/microarchitectures/zen_2#All_Zen_2_Chips

    Even this list is missing a few chips.

    obv i meant servers we have installed and in production, not in general what Zen2 products is out there ...

    Thanked by 1Zeniic
  • DataIdeas-JoshDataIdeas-Josh Member, Patron Provider
    edited July 2023

    @PulsedMedia said:
    Proxmox doesn't seem to have mitigation out yet, hopefully very soon.

    Correct however can do this. (Note: I've heard will have to do this every time a reboot is issued)

    apt install msr-tools
    modprobe msr
    wrmsr -a 0xc0011029 $(($(rdmsr -c 0xc0011029) | (1<<9)))
    

    If follow the OPs guide you will get the following error.

    # wrmsr -a 0xc0011029 $(($(rdmsr -c 0xc0011029) | (1<<9)))
    rdmsr: open: No such file or directory
    -bash: | (1<<9): syntax error: operand expected (error token is "| (1<<9)")
    

    Here has been the thread from Proxmox over the issue.
    https://forum.proxmox.com/threads/zenbleed-cve-2023-20593.131164

  • DataIdeas-JoshDataIdeas-Josh Member, Patron Provider

    @mxmla said:

    @PulsedMedia said:
    Proxmox doesn't seem to have mitigation out yet, hopefully very soon.

    Debian released the microcode update for sid a few hours ago: https://packages.debian.org/sid/amd64-microcode

    You can just download it, install it and reboot. Worked flawlessly on all our Servers.

    I wonder how long it will take for them to push it out via repo

  • NetDynamics24NetDynamics24 Member, Host Rep

    Ubuntu 22 released an update for this.

    Thanked by 1crunchbits
  • crunchbitscrunchbits Member, Patron Provider, Top Host

    @mxmla said:
    Debian released the microcode update for sid a few hours ago: https://packages.debian.org/sid/amd64-microcode

    You can just download it, install it and reboot. Worked flawlessly on all our Servers.

    @NetDynamics24 said:
    Ubuntu 22 released an update for this.

    Awesome, will update with this info.

  • NetDynamics24NetDynamics24 Member, Host Rep

    @crunchbits said:

    Awesome, will update with this info.

    Here is a screenshot:
    https://prnt.sc/L7PWjS8zahVs

    Thanked by 1crunchbits
  • DataIdeas-JoshDataIdeas-Josh Member, Patron Provider

    Hmm... possible attack via browser???
    https://blog.cloudflare.com/zenbleed-vulnerability/

  • @jar said:
    Now where are all of the "If they don't use AMD processors they can't be trusted" (paraphrased) crowd. I swear I recall a bunch of people acting like that, might have even been me.

    AMD ftw.

    Thanked by 1nick_
Sign In or Register to comment.