AMD Zen 2 CPU “Zenbleed” exploit discovered & it could steal your passwords

Sayem Ahmed
AMD hackedAMD/Pexels

AMD’s Zen 2 platform could be at risk due to a new bug, named Zenbleed, which was discovered by a Google security researcher.

A new vulnerability has been discovered for older AMD Zen 2 CPUs, like the popular Ryzen 3000 series. This vulnerability could potentially leave your sensitive data at risk, including passwords, logins, and more. The vulnerability was discovered by Google security researcher Tavis Ormandy, who named it “Zenbleed”.

Zenbleed was reported to AMD before Ormandy published a paper in his blog about how the exploit works. The exploit works on all processors which use a Zen 2 core, including certain data center products. The exploit can extract data via any software process running on the CPU itself, including virtual machines.

Article continues after ad

It’s also believed that the Zenbleed exploit can slow down the performance of Zen 2 CPUs, too.

AMD is already working on a fix, but it’ll take some time

Luckily, AMD is already aware of the issue, and is planning on patching up the AESGA firmware for all affected CPUs. But, you might be waiting until the end of the year.

Cloudflare also explains that the exploit does not require access to a PC to use the Zenbleed exploit, which can be accessed via Javascript. Despite only transferring data at 30kb/s, it is still enough to steam data from any software running on the system.

Sign up to Dexerto for free and receive:
Fewer Ads|Dark Mode|Deals in Gaming, TV and Movies, and Tech
Article continues after ad

Even worse, Zenbleed can run completely undetected by your system, since it doesn’t require any special access to use. This means that the vulnerability could leave you at risk. It’s disappointing to see AMD seemingly being so lax with the ETA for a fix, though Ormandy notes that a software fix is possible through software tuning, and would be difficult to implement for many users.

The developer first noticed the exploit in May, and after AMD has seemingly not resolved the issue quickly enough, has gone public with his findings.

Article continues after ad

AMD currently plans to showcase new graphics cards at Gamescom 2023, such as the RX 7800. But, Zenbleed might cast a looming shadow upon them.

Related Topics

About The Author

Dexerto's Hardware Editor. Sayem is an expert in all things Nvidia, AMD, Intel, and PC components. He has 10 years of experience, having written for the likes of Eurogamer, IGN, Trusted Reviews, Kotaku, and many more. Get in touch via email at sayem.ahmed@dexerto.com.