Zenbleed: an AMD Zen 2 speculative vulnerability

Posted Jul 25, 2023 11:39 UTC (Tue) by ernstp (guest, #13694)
In reply to: Zenbleed: an AMD Zen 2 speculative vulnerability by flussence
Parent article: Zenbleed: an AMD Zen 2 speculative vulnerability

Isn't this kind of microcode enough.. ?
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/...

Zenbleed: an AMD Zen 2 speculative vulnerability

Posted Jul 25, 2023 11:58 UTC (Tue) by hawk (subscriber, #3195) [Link] (9 responses)

It's possible that this *kind* of microcode update is enough (I'm not 100% sure, but it would make sense). However, what is actually there is only for a few affected models (EPYC specifically? that would fit what AMD is saying).

Zenbleed: an AMD Zen 2 speculative vulnerability

Posted Jul 25, 2023 12:25 UTC (Tue) by paulj (subscriber, #341) [Link] (8 responses)

Seems to cover all the family 0x19h and 0x17h CPUs (there are 2 commits)? The microcode file seems to be family specific - not more granular?

Zenbleed: an AMD Zen 2 speculative vulnerability

Posted Jul 25, 2023 20:38 UTC (Tue) by flussence (guest, #85566) [Link] (7 responses)

I've now seen multiple corroborated reports that the CPU models listed in the amd-ucode directory readme are all that's actually there - i.e. everyone with a socket AM4 chip is screwed for the next six months.

Which… sounds entirely on brand for the company that didn't have a real cpufreq driver for three years. Not impressed with AMD right now.

Zenbleed: an AMD Zen 2 speculative vulnerability

Posted Jul 25, 2023 22:28 UTC (Tue) by paulj (subscriber, #341) [Link] (6 responses)

Ah, agreed, yeah. Seems the file is a bunch of patches to the µcode (?). You don't need to believe the readme, apparently this python script can parse the bin file and print the info: https://github.com/AMDESE/amd_ucode_info

Though, AM4? Isn't that Zen - while this vulnerability affects Zen2?

Maybe... the issue doesn't affect the CPUs they didn't issue patches for?

Zenbleed: an AMD Zen 2 speculative vulnerability

Posted Jul 25, 2023 22:52 UTC (Tue) by tao (subscriber, #17563) [Link]

Should be fairly easy to confirm, no? There's a proof of concept available.

Zenbleed: an AMD Zen 2 speculative vulnerability

Posted Jul 25, 2023 22:57 UTC (Tue) by farnz (subscriber, #17727) [Link] (2 responses)

<p>Socket AM4 is all Ryzen family processors that support DDR4. Socket AM5 is for CPUs that only support DDR5. Thus, AM4 is used for Zen, Zen + Zen 2 and Zen 3 processors, while AM5 is Zen 4 only.

Zenbleed: an AMD Zen 2 speculative vulnerability

Posted Jul 26, 2023 12:06 UTC (Wed) by paulj (subscriber, #341) [Link] (1 responses)

Ah, yes. It's still not clear to me if the microcode updates for the 0x17h and 0x19h CPUs do or do not cover all the affected CPUs.

Zenbleed: an AMD Zen 2 speculative vulnerability

Posted Jul 26, 2023 13:39 UTC (Wed) by MarcB (guest, #101804) [Link]

They do NOT cover all affected CPUs.

The microcode applies to - and fixes - our EPYC servers, but it does not apply to the equally affected Ryzen PRO 3xxx we use on small servers.

Also the PoC works scaringly well. This vulnerability is on the level of Meltdown, i.e. much easier to exploit and providing a far higher leak rate rate than most Spectre attacks.

Zenbleed: an AMD Zen 2 speculative vulnerability

Posted Jul 26, 2023 8:40 UTC (Wed) by flussence (guest, #85566) [Link]

> Though, AM4? Isn't that Zen - while this vulnerability affects Zen2?

You're right - I'd forgotten just how glacial the hardware side of things moves sometimes (for the better :-)

Zenbleed: an AMD Zen 2 speculative vulnerability

Posted Jul 27, 2023 4:43 UTC (Thu) by diegor (subscriber, #1967) [Link]

The original article mention this processor:

AMD Ryzen 5000 Series Processors with Radeon Graphics

but POC on this processor doesn't work, and it is a zen3 cpu. It looks it is really a zen2 only issue.