Google experts have discovered the Zenbleed remote code execution vulnerability, which affects all AMD Zen 2 CPUs.

Google security researcher Tavis Ormandy published a blog post today stating that a new security vulnerability has been discovered in AMD processors based on the Zen 2 architecture, which he named Zenbleed.


Ormandy said that all AMD processors based on Zen 2 are affected by this vulnerability. Hackers can exploit the flaw to steal protected information such as encryption keys and user login credentials. Ormandy also noted that hackers do not need physical access to the computer: the attack can be carried out through a malicious JavaScript script on a web page.


Ormandy reported the issue to AMD on May 15, 2023. AMD has already released targeted patches, but Ormandy has not confirmed whether the new firmware fully fixes the vulnerability.


The vulnerability is tracked as CVE-2023-20593 and allows confidential data to be stolen at a rate of 30 KB per core per second. The attack affects all software running on the CPU, including virtual machines, sandboxes, containers, and processes.


List of affected Zen 2 processors:

• AMD Ryzen 3000 series processors
• AMD Ryzen PRO 3000 series processors
• AMD Ryzen Threadripper 3000 series processors
• AMD Ryzen 4000 series processors with Radeon integrated graphics
• AMD Ryzen PRO 4000 series processors
• AMD Ryzen 5000 series processors with Radeon integrated graphics
• AMD Ryzen 7020 series processors with Radeon integrated graphics
• AMD EPYC Rome series processors

