The officially official Devuan Forum!

#1 2023-07-26 10:36:23

soren
Member
Registered: 2023-04-30
Posts: 142  

Zenbleed - CVE-2023-20593

Thought I should post this in the interest of security.

An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.

https://security-tracker.debian.org/tra … 2023-20593

Interesting take from OpenBSD

https://marc.info/?l=openbsd-tech&m=169021508718971&w=2

#2 2023-07-26 11:10:36

stopAI
Member
Registered: 2023-04-04
Posts: 186  

Re: Zenbleed - CVE-2023-20593

This is fixed in Devuan Chimaera....

#3 2023-07-26 13:26:19

Marjorie
Member
From: Teignmouth, UK
Registered: 2019-06-09
Posts: 221  

Re: Zenbleed - CVE-2023-20593

I'm not affected personally as my AMD 5600G is Zen3 not Zen2.

Nevertheless an AMD-microcode fix for Chimaera, Daedalus and Unstable landed this morning as a security update.

However at the end of that security-tracker (https://security-tracker.debian.org/tra … 2023-20593) it says:

3.20230719.1 ships the first batch of fixes, only for 2nd gen Epyc CPUs, further
CPUs to follow in later releases

This is the one we have now got. Epyc is a database CPU.

So there are still fixes to come for the other Zen2 (Ryzen) CPUs which aren't fixed yet.

More info here:

https://web.archive.org/web/20230724143 … bleed.html

If you haven't got the microcode fix there is a workaround mentioned in this article:

Workaround

It is highly recommended to use the microcode update.

If you can’t apply the update for some reason, there is a software workaround: you can set the chicken bit DE_CFG[9].

This may have some performance cost.

Linux

You can use msr-tools to set the chicken bit on all cores, like this:

# wrmsr -a 0xc0011029 $(($(rdmsr -c 0xc0011029) | (1<<9)))

Last edited by Marjorie (2023-07-26 15:01:31)
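
Added example (not part of the posts above or of the quoted article): a check that the DE_CFG[9] workaround is actually set on every core, which matters because the quoted one-liner reads the register once and writes that value to all cores. The function names and sample values are constructed for illustration; it assumes `rdmsr -a -c` from msr-tools prints one value per core, in core order.

```shell
#!/bin/sh
# Verify the DE_CFG[9] chicken bit per core (added example, names are hypothetical).
DE_CFG_MSR=0xc0011029   # MSR number taken from the quoted workaround
CHICKEN_BIT=9           # DE_CFG[9]

# Succeeds (exit 0) if bit 9 is set in the given MSR value (0x-prefixed hex).
bit9_set() {
    [ $(( $1 & (1 << CHICKEN_BIT) )) -ne 0 ]
}

# Prints the given value with bit 9 set; all other bits are preserved.
with_bit9() {
    printf '0x%x\n' $(( $1 | (1 << CHICKEN_BIT) ))
}

# Reads one MSR value per line from stdin (first line = core 0) and prints
# the index of every core whose bit 9 is clear. Returns 1 if any was found.
cores_missing_bit9() {
    cmb_core=0
    cmb_missing=0
    while read -r cmb_value; do
        [ -n "$cmb_value" ] || continue
        if ! bit9_set "$cmb_value"; then
            echo "$cmb_core"
            cmb_missing=1
        fi
        cmb_core=$((cmb_core + 1))
    done
    return "$cmb_missing"
}

# Constructed sample: four cores, bit 9 clear on cores 1 and 3.
SAMPLE_VALUES='0x3000000000010e08
0x3000000000010c08
0x3000000000010e08
0x3000000000010c08'

# Demo on the constructed sample. On a real machine (as root, msr module
# loaded) feed it live data instead:
#   rdmsr -a -c "$DE_CFG_MSR" | cores_missing_bit9
printf '%s\n' "$SAMPLE_VALUES" | cores_missing_bit9 \
    || echo "cores listed above do not have DE_CFG[9] set"
```

A value written with wrmsr does not survive a reboot, so the check is worth re-running after each boot until the microcode update for your CPU is installed.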
