Skip to main content
Skip table of contents

ISN 2023-15: ZenBleed Vulnerability

First published 28 July 2023

CVSS 3.1: 6.5 (Medium)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Summary

A vulnerability called ZenBleed has been discovered in the line of “Zen 2” CPUs from AMD. This affects the following IGEL Products

  • IGEL OS 12 running on AMD CPUs
  • IGEL OS 11 running on AMD CPUs

Details

ZenBleed (CVE-2023-20593) is a medium risk (6.5 CVSS score) vulnerability, which can allow local attackers with the ability to run arbitrary code within the local machine/VM to infer CPU register content from another process in the same instance scheduled on the same core. This could potentially leak sensitive information. Google’s Project Zero security team has confirmed that this vulnerability is reproducible on at least the following SKUs:

  • AMD Ryzen Threadripper PRO 3945WX 12-Cores
  • AMD Ryzen 7 PRO 4750GE with Radeon Graphics
  • AMD Ryzen 7 5700U
  • AMD EPYC 7B12

Update Instructions

  • OS 12: Update the IGEL OS Base System app to version 12.02.100 (available in September 2023)
  • OS 11: Update to OS 11.09.100 (available in September 2023)

References

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.