Bug 2217845 (AMD-SN-7008, CVE-2023-20593, zenbleed) - CVE-2023-20593 hw: amd: Cross-Process Information Leak
Summary: CVE-2023-20593 hw: amd: Cross-Process Information Leak
Keywords:
Status: NEW
Alias: AMD-SN-7008, CVE-2023-20593, zenbleed
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2226819 2226820 2226821 2226822 2226823 2226824 2226826 2226827 2226828 2226829 2226830 2226831 2226832 2226833 2226834 2226835 2226836 2226837 2226838 2226839 2226840 2226841 2226842 2226843 2226860 2227144 2227145 2227146 2227147 2227148 2227149 2227150 2227151 2227152 2227153 2227154 2227155 2227156
Blocks: 2180682
TreeView+ depends on / blocked
 
Reported: 2023-06-27 09:25 UTC by Rohit Keshri
Modified: 2024-02-23 18:24 UTC (History)
73 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in hw, in “Zen 2” CPUs. This issue may allow an attacker to access sensitive information under specific microarchitectural circumstances.
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2023:4867 0 None None None 2023-08-29 22:23:55 UTC
Red Hat Product Errata RHBA-2023:4926 0 None None None 2023-08-31 15:18:09 UTC
Red Hat Product Errata RHBA-2023:5162 0 None None None 2023-09-14 08:11:44 UTC
Red Hat Product Errata RHBA-2023:5301 0 None None None 2023-09-19 18:56:19 UTC
Red Hat Product Errata RHBA-2023:5328 0 None None None 2023-09-21 11:17:34 UTC
Red Hat Product Errata RHBA-2023:5329 0 None None None 2023-09-21 12:27:50 UTC
Red Hat Product Errata RHBA-2023:5338 0 None None None 2023-09-25 01:13:41 UTC
Red Hat Product Errata RHBA-2023:5355 0 None None None 2023-09-26 10:24:52 UTC
Red Hat Product Errata RHBA-2023:7568 0 None None None 2023-11-29 12:06:33 UTC
Red Hat Product Errata RHBA-2024:0679 0 None None None 2024-02-05 11:45:50 UTC
Red Hat Product Errata RHSA-2023:4696 0 None None None 2023-08-22 13:54:18 UTC
Red Hat Product Errata RHSA-2023:4699 0 None None None 2023-08-22 13:51:47 UTC
Red Hat Product Errata RHSA-2023:4789 0 None None None 2023-08-29 08:44:14 UTC
Red Hat Product Errata RHSA-2023:4819 0 None None None 2023-08-29 09:29:39 UTC
Red Hat Product Errata RHSA-2023:4821 0 None None None 2023-08-29 09:22:24 UTC
Red Hat Product Errata RHSA-2023:5068 0 None None None 2023-09-12 09:44:44 UTC
Red Hat Product Errata RHSA-2023:5069 0 None None None 2023-09-12 10:14:13 UTC
Red Hat Product Errata RHSA-2023:5091 0 None None None 2023-09-12 09:50:49 UTC
Red Hat Product Errata RHSA-2023:5244 0 None None None 2023-09-19 14:35:21 UTC
Red Hat Product Errata RHSA-2023:5245 0 None None None 2023-09-19 14:00:25 UTC
Red Hat Product Errata RHSA-2023:5255 0 None None None 2023-09-19 14:02:24 UTC
Red Hat Product Errata RHSA-2023:5419 0 None None None 2023-10-03 13:15:35 UTC
Red Hat Product Errata RHSA-2023:5591 0 None None None 2023-10-10 14:12:37 UTC
Red Hat Product Errata RHSA-2023:5607 0 None None None 2023-10-10 15:31:23 UTC
Red Hat Product Errata RHSA-2023:7244 0 None None None 2023-11-15 17:50:17 UTC
Red Hat Product Errata RHSA-2023:7382 0 None None None 2023-11-21 11:15:57 UTC
Red Hat Product Errata RHSA-2023:7389 0 None None None 2023-11-21 11:12:02 UTC
Red Hat Product Errata RHSA-2023:7401 0 None None None 2023-11-21 11:41:29 UTC
Red Hat Product Errata RHSA-2023:7513 0 None None None 2023-11-27 16:18:22 UTC
Red Hat Product Errata RHSA-2023:7551 0 None None None 2023-11-28 16:20:45 UTC
Red Hat Product Errata RHSA-2023:7557 0 None None None 2023-11-28 18:12:50 UTC
Red Hat Product Errata RHSA-2023:7665 0 None None None 2023-12-06 09:35:39 UTC
Red Hat Product Errata RHSA-2023:7782 0 None None None 2023-12-13 15:10:49 UTC
Red Hat Product Errata RHSA-2024:0402 0 None None None 2024-01-24 15:04:55 UTC
Red Hat Product Errata RHSA-2024:0403 0 None None None 2024-01-24 15:05:32 UTC
Red Hat Product Errata RHSA-2024:0561 0 None None None 2024-01-30 12:26:18 UTC

Description Rohit Keshri 2023-06-27 09:25:13 UTC
An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.

Under specific microarchitectural circumstances, a register in “Zen 2” CPUs may not be written to 0 correctly. This may cause data from another process and/or thread to be stored in the YMM register, which may allow an attacker to potentially access sensitive information.

Refer:
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html

Comment 1 Rohit Keshri 2023-06-27 09:44:50 UTC
Affected Products:

“Zen 2” Architecture-based Client and Server platforms

Desktop
AMD RyzenTM 3000 Series Processors
AMD RyzenTM PRO 3000 Series Processors
AMD RyzenTM ThreadripperTM 3000 Series Processors
AMD RyzenTM 4000 Series Processors with RadeonTM Graphics
AMD RyzenTM PRO 4000 Series Desktop Processors

Mobile
AMD RyzenTM 5000 Series Processors with RadeonTM Graphics
AMD RyzenTM 7020 Series Processors with RadeonTM Graphics

Datacenter
AMD EPYCTM 7002 Processors

Comment 10 Youssef Ghorbal 2023-07-26 13:32:48 UTC
Hello,

 I'm not sure what info are needed to move forward and issue a linux-firmware package including the upstream fix.
 The technical details of the issue are here [0]
 The upstream fix is here [1]

 Its weird that the Red Hat related page[2] states that none of RHEL versions are affected.
 
Youssef Ghorbal

[0] https://lock.cmpxchg8b.com/zenbleed.html
[1] https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=0bc3126c9cfa0b8c761483215c25382f831a7c6f
[2] https://access.redhat.com/security/cve/cve-2023-20593

Comment 12 Kilian Cavalotti 2023-07-26 15:27:37 UTC
https://access.redhat.com/security/cve/cve-2023-20593 lists kernel packages as "not affected", which is both true and completely irrelevant: CVE-2023-20593 is not a kernel issue (even though some kernel-side mitigations exist), it's a CPU problem and the fix is a microcode update.

Could we please get a linux-firmware update that contains the updated µcode in https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=0bc3126c9cfa0b8c761483215c25382f831a7c6f?

Debian already released an updated amd64-microsode package 2 days ago, so with Red Hat still not having even correctly assessed the issue, let alone provided any fix or mitigation, it's hard for customers to understand the value of paying an Enterprise support license in the hope of getting timely security updates. Or support.

Comment 13 Rohit Keshri 2023-07-26 16:37:27 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2226819]

Comment 22 Justin M. Forbes 2023-08-07 21:31:42 UTC
This was fixed for Fedora with the 6.4.6 stable kernel updates.

Comment 24 rderooy.lxp 2023-08-09 12:11:59 UTC
If this was fixed in the Fedora 6.4.6 kernel then:

- How come the release nodes for this kernel (or newer kernels up to 6.4.8) make no mention of it
- How was this fixed in a kernel update when this is actually a CPU microcode issue? Was the "chicken bit" workaround integrated into the kernel?

The actual microcode fix should be released as part of a new linux-firmware-20230804-152 package, which right now for Fedora is still in "Testing".
https://packages.fedoraproject.org/pkgs/linux-firmware/linux-firmware/

When can we expect this updated firmware package, to actually fix this issue, to be released for RHEL? After all this CVE has been public since the 24th of July.

Comment 25 Youssef Ghorbal 2023-08-16 09:18:20 UTC
So Fedora is getting security fixes faster that RHEL now?
Seriously what's the point of beeing a paying RHEL curtomer?
What's the plan for this to be fixed in RHEL? Are we talking day? weeks?

Comment 27 errata-xmlrpc 2023-08-22 13:51:41 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Advanced Update Support

Via RHSA-2023:4699 https://access.redhat.com/errata/RHSA-2023:4699

Comment 28 errata-xmlrpc 2023-08-22 13:54:12 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Advanced Update Support

Via RHSA-2023:4696 https://access.redhat.com/errata/RHSA-2023:4696

Comment 29 errata-xmlrpc 2023-08-29 08:44:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:4789 https://access.redhat.com/errata/RHSA-2023:4789

Comment 30 errata-xmlrpc 2023-08-29 09:22:19 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:4821 https://access.redhat.com/errata/RHSA-2023:4821

Comment 31 errata-xmlrpc 2023-08-29 09:29:34 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:4819 https://access.redhat.com/errata/RHSA-2023:4819

Comment 33 errata-xmlrpc 2023-09-12 09:44:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:5068 https://access.redhat.com/errata/RHSA-2023:5068

Comment 34 errata-xmlrpc 2023-09-12 09:50:44 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:5091 https://access.redhat.com/errata/RHSA-2023:5091

Comment 35 errata-xmlrpc 2023-09-12 10:14:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:5069 https://access.redhat.com/errata/RHSA-2023:5069

Comment 36 errata-xmlrpc 2023-09-19 14:00:19 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:5245 https://access.redhat.com/errata/RHSA-2023:5245

Comment 37 errata-xmlrpc 2023-09-19 14:02:18 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:5255 https://access.redhat.com/errata/RHSA-2023:5255

Comment 38 errata-xmlrpc 2023-09-19 14:35:15 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:5244 https://access.redhat.com/errata/RHSA-2023:5244

Comment 39 errata-xmlrpc 2023-10-03 13:15:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Advanced Update Support

Via RHSA-2023:5419 https://access.redhat.com/errata/RHSA-2023:5419

Comment 40 errata-xmlrpc 2023-10-10 14:12:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:5591 https://access.redhat.com/errata/RHSA-2023:5591

Comment 41 errata-xmlrpc 2023-10-10 15:31:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:5607 https://access.redhat.com/errata/RHSA-2023:5607

Comment 43 errata-xmlrpc 2023-11-15 17:50:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Advanced Update Support

Via RHSA-2023:7244 https://access.redhat.com/errata/RHSA-2023:7244

Comment 44 errata-xmlrpc 2023-11-21 11:11:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:7389 https://access.redhat.com/errata/RHSA-2023:7389

Comment 45 errata-xmlrpc 2023-11-21 11:15:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:7382 https://access.redhat.com/errata/RHSA-2023:7382

Comment 46 errata-xmlrpc 2023-11-21 11:41:23 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:7401 https://access.redhat.com/errata/RHSA-2023:7401

Comment 47 errata-xmlrpc 2023-11-27 16:18:16 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:7513 https://access.redhat.com/errata/RHSA-2023:7513

Comment 48 errata-xmlrpc 2023-11-28 16:20:40 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:7551 https://access.redhat.com/errata/RHSA-2023:7551

Comment 49 errata-xmlrpc 2023-11-28 18:12:45 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:7557 https://access.redhat.com/errata/RHSA-2023:7557

Comment 50 errata-xmlrpc 2023-12-06 09:35:34 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:7665 https://access.redhat.com/errata/RHSA-2023:7665

Comment 51 errata-xmlrpc 2023-12-13 15:10:43 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Advanced Update Support

Via RHSA-2023:7782 https://access.redhat.com/errata/RHSA-2023:7782

Comment 53 errata-xmlrpc 2024-01-24 15:04:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2024:0402 https://access.redhat.com/errata/RHSA-2024:0402

Comment 54 errata-xmlrpc 2024-01-24 15:05:26 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2024:0403 https://access.redhat.com/errata/RHSA-2024:0403

Comment 55 errata-xmlrpc 2024-01-30 12:26:14 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:0561 https://access.redhat.com/errata/RHSA-2024:0561


Note You need to log in before you can comment on or make changes to this bug.