Can’t find any statement from Microsoft regarding Azure and #zenbleed (CVE-2023-20593) mitigation. At least AWS and Google published statements for their clouds.
When looking at all the CPU vulnerabilities in recent years, even up to this day, we see mitigations taking place at the microcode or OS level. But the performance impact is huge! Sometimes a 30%-50% decrease in performance on specific tasks like databases!
Question: can we get some compensation as consumers? Since both Intel and AMD sold hardware that doesn't give the promised results.
#spectre #meltdown #hertzbleed #Zenbleed #Inception #vulnerability #security #secops #compensation #money
The #Linux kernel wants, for my CPU (Ryzen 3600), microcode revision 0x8701032. The latest available (only via BIOS updates, not linux-firmware) is 0x8701030, and the kernel complains about it:
“Zenbleed: please update your microcode for the most optimal fix”
#Linux added #Zenbleed fix for #SteamDeck.
You'll ask yourself: what, wasn't this fixed last month? Yes, it was but not for the Steam Deck APU - the CPU model was missed in the Zenbleed erratum list. The fix is going to hit v6.5-rc6.
#Linux Kernel Updated To Add #Zenbleed Fix For Valve's #SteamDeck
I added a known-good microcode check to my #FreeBSD #Zenbleed MSR chicken-bit rc script, and a reminder to check it all again in mid-December.
I don't have the relevant CPUs to hand to test it directly so do let me know how you get on.
https://gist.github.com/Freaky/2560975d3c94246b86f464b8be75c967
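The known-good microcode check the post describes, written out as an added example (this is not the gist's code). It assumes a Linux /proc/cpuinfo layout, takes the only minimum revision this thread gives (Ryzen 3600, family 0x17 model 0x71, fixed at 0x8701032) as its table, and for the optional live check assumes msr-tools' rdmsr with the msr module loaded; the DE_CFG chicken bit is MSR 0xC0011029 bit 9.

```shell
#!/bin/sh
# Zenbleed (CVE-2023-20593) microcode / chicken-bit check for Zen 2 hosts.
# Added example, not the gist's own script.

# Minimum fixed microcode per (family, model), both decimal as in cpuinfo.
# Only the entry from the thread is filled in: family 23 (0x17), model 113
# (0x71, Ryzen 3600) needs 0x8701032. Extend as vendors publish more.
zenbleed_min_rev() {
    [ "$1" -eq 23 ] || return 1
    case "$2" in
        113) echo 0x8701032 ;;
        *)   return 1 ;;
    esac
}

# 0 = microcode already carries the fix, 1 = the OS must still set the
# DE_CFG chicken bit (MSR 0xC0011029 bit 9), 2 = CPU not in the table.
zenbleed_microcode_ok() {
    min=$(zenbleed_min_rev "$1" "$2") || return 2
    [ "$(( $3 ))" -ge "$(( min ))" ] && return 0 || return 1
}

# Print "family model microcode" for the first CPU in cpuinfo text on stdin.
cpuinfo_fields() {
    awk -F: '{ gsub(/[ \t]+$/, "", $1); gsub(/^[ \t]+/, "", $2) }
             $1 == "cpu family" { fam = $2 }
             $1 == "model"      { model = $2 }
             $1 == "microcode"  { print fam, model, $2; exit }'
}

# Classify a cpuinfo dump as "ok", "fallback" (set the chicken bit) or "unknown".
zenbleed_status() {
    set -- $(printf '%s\n' "$1" | cpuinfo_fields)
    zenbleed_microcode_ok "$1" "$2" "$3" && rc=0 || rc=$?
    case $rc in 0) echo ok ;; 1) echo fallback ;; *) echo unknown ;; esac
}

# Live check of the chicken bit on CPU 0 (root + rdmsr needed); 0 if set.
zenbleed_chicken_bit_set() {
    v=$(rdmsr -p 0 0xc0011029 2>/dev/null) || return 2
    [ $(( 0x$v >> 9 & 1 )) -eq 1 ]
}

# Constructed sample matching the thread: Ryzen 3600 still on 0x8701030.
SAMPLE_CPUINFO='processor	: 0
vendor_id	: AuthenticAMD
cpu family	: 23
model		: 113
model name	: AMD Ryzen 5 3600 6-Core Processor
microcode	: 0x8701030'

if [ "${1:-}" = "--live" ]; then zenbleed_status "$(cat /proc/cpuinfo)"; fi
```

Run with `--live` on a real host to classify the running CPU; "fallback" means the script should go on to set the chicken bit, as the rc script in the gist does.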
@Violet This year's #defcon looks ripe with CPU vulnerabilities.
#Zenbleed last week for AMD
today:
#Downfall for Intel
#Inception for AMD
#defcon #zenbleed #downfall #inception
On the @ubuntu #Security Podcast this week we look at the AMD #Zenbleed vuln plus we cover security updates for the Linux kernel, a high profile OpenSSH vuln and finally Andrei is back covering recent academic research in machine learning safeguards https://ubuntusecuritypodcast.org/episode-204/
Unfortunately @theregister published misleading and incorrect information that using QEMU (i.e. KVM / Firecracker) mitigates the AMD #Zenbleed exploit.
_It does not_
We demo the exploit in a GitHub Action and show how to mitigate it.
https://actuated.dev/blog/amd-zenbleed-update-now
#bot
Original tweet: https://nitter.it/alexellisuk/status/1685952872125460480
Fixes for AMD 'Zenbleed' CVE-2023-20593 have landed in the Debian archives. For stable (bookworm), the vulnerability is fixed in Linux version 6.1.38-2, and for old-stable (bullseye) the fix is in version 5.10.179-3.
This only fixes 2nd gen Epyc CPUs; further CPUs will follow in later releases. Please update your Debian (and downstream) servers.
xcp-ng - July 2023 Security Update - #Zenbleed
https://xcp-ng.org/blog/2023/07/27/july-2023-security-update-zenbleed/
#zenbleed #sysadmin #linux #virtualization
S3 Ep145: Bugs With Impressive Names! - Fascinating fun (with a serious and educational side) - listen now! Full transcript avail... https://nakedsecurity.sophos.com/2023/07/27/s3-ep145-bugs-with-impressive-names/ #nakedsecuritypodcast #triangulationtrojan #vulnerability #cryptography #tetra:burst #dataloss #zenbleed #podcast #spyware #iphone #apple #bwain
How painful is #Zenbleed actually going to be to AMD customers? Personally I hope it amounts to nothing. Same with similar Intel bugs. Most of these things are really difficult to fix without trade-offs, and they were somewhat difficult to see coming until like 8 or so years ago.
SecurityWeek: Wiz Says 62% of AWS Environments Exposed to Zenbleed Exploitation https://www.securityweek.com/wiz-says-62-of-aws-environments-exposed-to-zenbleed-exploitation/ #Vulnerabilities #CVE-2023-20593 #CloudSecurity #TavisOrmandy #ProjectZero #zenbleed #Amd
There was a #zenbleed embargo with a release date in early August; info got released early, hence the scramble by some. Enterprises have a harder time scrambling.
also me reading the #zenbleed blog post:
(art by the outstanding feral artist Paper-Wings)
Puzzled for the moment that the public Red Hat bug tracking #zenbleed is priority "medium", assignee "nobody"
https://bugzilla.redhat.com/show_bug.cgi?id=2217845
and that the CVE they rate as "moderate impact"