Zenbleed (CVE-2023-20593)

2023-08-29


LiveOverflow

Let's explore the "most exciting" CPU vulnerability affecting Zen2 CPUs from AMD.

Watch part 1 about fuzzing: /youtube/video/neWc0H1k2Lc

buy my font (advertisement): https://shop.liveoverflow.com/

This video is sponsored by Google: https://security.googleblog.com/2023/08/downfall-and-zenbleed-googlers-helping.html

Original Zenbleed Writeup: https://lock.cmpxchg8b.com/zenbleed.html

Grab the code: https://github.com/google/security-research/tree/master/pocs/cpus/zenbleed

cvtsi2ss: https://www.felixcloutier.com/x86/cvtsi2ss.html

AMD Security Bulletin: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html

RIDL Video: /youtube/video/x_R1DeZxGc0

Tavis Ormandy: https://twitter.com/taviso

Chapters:

00:00 - Intro

02:27 - zenleak.asm Patterns

03:56 - The C Exploit Code

05:20 - Assembly Generation with Compiler Preprocessor

07:40 - What are XMM and YMM Registers?

11:56 - Zenbleed: Trigger Merge Optimization

14:28 - Register File & Register Allocation Table

16:39 - Register Renaming

17:55 - Speculative Execution

18:55 - vzeroupper and SSE & AVX History

21:22 - Zenbleed Explanation

23:55 - How to fix Zenbleed?

=[ ❤️ Support ]=

→ per Video: https://www.patreon.com/join/liveoverflow

→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

2nd Channel: https://www.youtube.com/LiveUnderflow

=[ 🐕 Social ]=

→ Twitter: https://twitter.com/LiveOverflow/

→ Streaming: https://twitch.tv/LiveOverflow/

→ TikTok: https://www.tiktok.com/@liveoverflow_

→ Instagram: https://instagram.com/LiveOverflow/

→ Blog: https://liveoverflow.com/

→ Subreddit: https://www.reddit.com/r/LiveOverflow/

→ Facebook: https://www.facebook.com/LiveOverflow/

