AMD 'Zenbleed' vulnerability
crunchbits
Member, Patron Provider, Top Host
Had a few pings about this (thank you!), haven't seen any mention on here but I know plenty of providers/users running Zen2 stuff.
Quick blog update from us
Seems like a pretty serious bug, and the exploit is public. Information will likely change often so don't hold my feet to the flame too hard--just trying to raise awareness so nobody wakes up to a wiped server.
Comments
Now where are all of the "If they don't use AMD processors they can't be trusted" (paraphrased) crowd? I swear I recall a bunch of people acting like that, might have even been me.
I missed this, but can definitely imagine it. Luckily we've been a bi-curious CPU shop for a while.
Fix #5 for providers
Upgrade to zen3 for free
I've almost phased them all out for Intel boxes again. Mitigations have proven acceptable and it's still easier to get slightly aged systems lying around.
From Tavis Ormandy, awesome research!
https://lock.cmpxchg8b.com/zenbleed.html
Proxmox doesn't seem to have mitigation out yet, hopefully very soon.
We have very few Zen2. Zen1, Zen3 sure, but not many Zen2.
Thanks.
Debian released the microcode update for sid a few hours ago: https://packages.debian.org/sid/amd64-microcode
You can just download it, install it and reboot. Worked flawlessly on all our servers.
Yeah there's not much, just a few of them (83 listed): https://en.wikichip.org/wiki/amd/microarchitectures/zen_2#All_Zen_2_Chips
Even this list is missing a few chips.
Obv I meant servers we have installed and in production, not in general what Zen2 products are out there ...
Correct, however you can do this. (Note: I've heard you will have to do this every time a reboot is issued)
If you follow the OP's guide you will get the following error.
Here is the thread from Proxmox about the issue.
https://forum.proxmox.com/threads/zenbleed-cve-2023-20593.131164
I wonder how long it will take for them to push it out via repo
Ubuntu 22 released an update for this.
Awesome, will update with this info.
Here is a screenshot:
https://prnt.sc/L7PWjS8zahVs
Hmm... possible attack via browser???
https://blog.cloudflare.com/zenbleed-vulnerability/
AMD ftw.