A new security vulnerability has been discovered in AMD’s Zen 2 architecture-based processors that could be exploited to extract sensitive data such as encryption keys and passwords.
Discovered by Google Project Zero researcher Tavis Ormandy, the flaw – codenamed Zenbleed and tracked as CVE-2023-20593 (CVSS score: 6.5) – allows data exfiltration at the rate of 30 kb per core, per second.
The issue is part of a broader category of weaknesses called speculative execution attacks, in which the optimization technique widely used in modern CPUs is abused to access cryptographic keys from CPU registers.