Remember Heartbleed? That infamous bug from 2014 introduced the term “-bleed” to describe vulnerabilities that leak data in an uncontrolled manner. These types of bugs cannot be used for precision attacks, but rather allow attackers to collect large amounts of unauthorized data for later analysis. Heartbleed, for example, allowed attackers to obtain additional bytes of data from a server that were never intended to be sent. This data could range from encrypted information to fragments of web pages or even private cryptographic keys. Other similar bugs include RAMBleed and Optionsbleed. These bugs operate like a low-key lottery, giving attackers the opportunity to gather large amounts of data from various sources.
Recently, Google bug-hunter Tavis Ormandy discovered a new bug called Zenbleed, which affects AMD’s latest Zen 2 processors. This bug allows data to be leaked from almost any process or thread in a computer’s memory. Even programs running as unprivileged users inside a virtual machine could end up with data from other users or even the host operating system. Ormandy’s proof-of-concept code demonstrated that Zenbleed could leak about 30,000 bytes of data per second per processor core. While this may not seem like much, it can expose a substantial amount of sensitive information over time, including passwords and authentication tokens. Because the data is exposed in 16-byte chunks, it is also easier for attackers to identify valuable information within it.
The Zenbleed flaw stems from internal features that modern processors use to improve performance, such as speculative execution. Speculative execution lets a processor carry on with calculations ahead of time on the assumption that the result will be needed; if the speculative result turns out to be unnecessary or inaccessible, it is discarded. This feature, however, can lead to vulnerabilities like Zenbleed. In this case, the bug arises when an AMD Zen 2 processor executes a special instruction that sets multiple vector registers to zero. These vector registers are used by high-performance numeric and data-processing instructions, and the zeroing instruction is used when code switches between newer AVX instructions and older SSE instructions, because otherwise the processor must save and restore register contents, which costs performance.
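A defensive check that follows from the description above, added here as an example and not part of the original article or of Ormandy's code: it identifies the AMD Zen 2 parts the bug affects from `/proc/cpuinfo` and reports whether the software workaround is active. The Zen 2 model ranges, the DE_CFG MSR address (0xC0011029) and its bit 9 are taken from public kernel and advisory sources and are assumptions to confirm against AMD's own bulletin.

```python
import os

# Assumption (not from the article): AMD family 0x17 model ranges treated as Zen 2.
ZEN2_MODEL_RANGES = ((0x30, 0x4F), (0x60, 0x7F), (0x90, 0x91), (0xA0, 0xAF))
# Assumption (not from the article): DE_CFG MSR and the Zenbleed workaround bit.
MSR_DE_CFG = 0xC0011029
ZENBLEED_FIX_BIT = 9


def parse_cpuinfo(text):
    """Return (vendor, family, model) for the first CPU in /proc/cpuinfo text."""
    fields = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields.setdefault(key.strip(), value.strip())  # keep the first CPU's values
    return fields.get("vendor_id"), int(fields.get("cpu family", 0)), int(fields.get("model", 0))


def is_zen2(vendor, family, model):
    """True if the CPU is an AMD Zen 2 part according to the model table above."""
    return vendor == "AuthenticAMD" and family == 0x17 and any(lo <= model <= hi for lo, hi in ZEN2_MODEL_RANGES)


def chicken_bit_set(de_cfg_value):
    """True if DE_CFG bit 9 is set, i.e. the software workaround is active."""
    return bool((de_cfg_value >> ZENBLEED_FIX_BIT) & 1)


def read_msr(cpu, addr):
    """Read a 64-bit MSR through the msr kernel module (needs root and `modprobe msr`)."""
    fd = os.open(f"/dev/cpu/{cpu}/msr", os.O_RDONLY)
    try:
        return int.from_bytes(os.pread(fd, 8, addr), "little")
    finally:
        os.close(fd)


def assess(cpuinfo_text, de_cfg_value):
    """Classify a host as 'not affected', 'workaround set' or 'workaround not set'."""
    if not is_zen2(*parse_cpuinfo(cpuinfo_text)):
        return "not affected"
    return "workaround set" if chicken_bit_set(de_cfg_value) else "workaround not set"


# Constructed sample input: a Zen 2 desktop part (family 23, model 113 = 0x71).
SAMPLE_CPUINFO = "vendor_id\t: AuthenticAMD\ncpu family\t: 23\nmodel\t\t: 113\nmodel name\t: AMD Ryzen 5 3600\n"

if __name__ == "__main__":
    with open("/proc/cpuinfo") as f:
        text = f.read()
    try:
        value = read_msr(0, MSR_DE_CFG)
    except OSError as e:  # no msr module or not root: treat the bit as unknown/unset
        value = 0
        print(f"could not read DE_CFG ({e}); assuming the workaround is not set")
    print(assess(text, value))
```

Updated microcode fixes the bug without setting this bit, so "workaround not set" on a Zen 2 host means the microcode revision must be checked against the vendor advisory, not that the host is necessarily exposed.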
In conclusion, bugs like Heartbleed and Zenbleed highlight the ongoing challenge of securing systems against vulnerabilities that leak data uncontrollably. These bugs take advantage of processor features designed for performance, showing the trade-off between speed and security. As technology continues to advance, it is crucial for developers and manufacturers to prioritize security measures and regularly patch vulnerabilities to protect against data leaks.