#AMD discloses slew of high severity #security #vulnerabilities for #Zen systems, from the original Zen chips to the latest #Zen4 #CPU, that attack #BIOS chips, we finally have a #Zenbleed fix. AMD is patching the vulnerabilities through new versions of #AGESA, for #Zen2-based chips, in particular, many of these new AGESAs also patch Zenbleed, including #Epyc #Server chips https://bit.ly/3I1JKds https://www.tomshardware.com/pc-components/cpus/amd-discloses-slew-of-high-severity-security-vulnerabilities-for-zen-chips-that-attack-bios-chips-updates-aim-to-patch-bugs-finally-fix-zenbleed
AMD discloses slew of high severity security vulnerabilities that attack BIOS chips on Zen systems — updates aren't available for all chips, finally a fix for Zenbleed

Update your BIOS ASAP.

Tom's Hardware

This Week in Security: 1Password, Polyglots, and Roundcube

#hackadaycolumns #news #securityhacks #1password #polyglot #roundcube #zenbleed #hackaday


hackaday.com/2023/10/27/this-w…

This Week In Security: 1Password, Polyglots, And Roundcube

This week we got news of a security incident at 1Password, and we’re certain we aren’t the only ones hoping it’s not a repeat of what happened at LastPass. 1Password has released …

Hackaday
Zenbleed (CVE-2023-20593)

YouTube
@merill I dislike the additional dependency on Microsoft managed infrastructure. Their track record isn’t great lately given #solarwinds, #bluebleed and their e-mail/key hack. I can’t even find a reasonable statement about #zenbleed for Azure.
Can’t find any statement from Microsoft regarding Azure and #zenbleed (CVE-2023-20593) mitigation. At least AWS and Google published statements for their clouds.
Pretty good video to watch on the #zenbleed vulnerability, feat. Tavis Ormandy:
https://youtu.be/neWc0H1k2Lc
The Discovery of Zenbleed ft. Tavis Ormandy

YouTube
When looking at all the CPU vulnerabilities in recent years, even until this day, we see mitigations taking place at the microcode or OS level. But the performance impact is huge! Sometimes a 30%-50% decrease in performance on specific tasks like databases!
Question: can we get some compensation as consumers? Since both Intel and AMD sold hardware that doesn't give the promised results.
#spectre #meltdown #hertzbleed #Zenbleed #Inception #vulnerability #security #secops #compensation #money

The #Linux kernel wants, for my CPU (Ryzen 3600), microcode revision 0x8701032. The latest available (only via BIOS updates, not linux-firmware) is 0x8701030, and the kernel complains about it:

“Zenbleed: please update your microcode for the most optimal fix”

#AMD #Ryzen #Zenbleed