A vulnerability called ZenBleed has been discovered in the line of “Zen 2” CPUs from AMD. This affects the following IGEL Products
IGEL OS 12 running on AMD CPUs
IGEL OS 11 running on AMD CPUs
Details
ZenBleed (CVE-2023-20593) is a medium risk (6.5 CVSS score) vulnerability, which can allow local attackers with the ability to run arbitrary code within the local machine/VM to infer CPU register content from another process in the same instance scheduled on the same core. This could potentially leak sensitive information. Google’s Project Zero security team has confirmed that this vulnerability is reproducible on at least the following SKUs:
AMD Ryzen Threadripper PRO 3945WX 12-Cores
AMD Ryzen 7 PRO 4750GE with Radeon Graphics
AMD Ryzen 7 5700U
AMD EPYC 7B12
Update Instructions
OS 12: Update the IGEL OS Base System app to version 12.02.100 (available in September 2023)
OS 11: Update to OS 11.09.100 (available in September 2023)