On 24 July 2023, security researchers from Google’s Information Security Engineering team disclosed a hardware vulnerability affecting AMD’s Zen 2 family of microprocessors. They dubbed this vulnerability “Zenbleed” (CVE-2023-20593), evoking memories of previous vulnerabilities like Heartbleed and hinting at its possible impact. In response, AMD released an associated microcode update for some of the affected processors, which was then made available to all affected Ubuntu users within 24 hours of the original announcement. In this blog post, we look at some of the details behind the vulnerability and the response of the Ubuntu Security team.
What is Zenbleed, and who is affected?
Zenbleed is a vulnerability in the handling of certain vector registers within the Zen 2 family of AMD processors. In particular, it involves the incorrect handling of the vzeroupper instruction when it is executed speculatively. This is not the first vulnerability related to speculative execution. The…