Skip to main content

Security or performance? With this AMD vulnerability, you can’t have both

Render of an AMD Ryzen chip.

Recently, a cybersecurity researcher discovered a dangerous vulnerability within AMD’s Zen 2 processors. Dubbed “Zenbleed,” the vulnerability allows attackers to gain access to your computer and steal all of the most sensitive information, including passwords and encryption keys. While this doesn’t affect AMD’s best processors, it’s still a dangerous vulnerability with a wide reach, as it’s present in all Zen 2 CPUs, including consumer chips and data center EPYC processors. AMD has a fix on the way, but it might come at a price.

The bug was first spotted by Tavis Ormandy, a researcher working with Google Information Security, who made it public at the end of July. Since then, the researcher has also released a proof of concept code that shows how it works. This, while useful, might help attackers exploit this vulnerability until AMD comes up with a fix.

While the first patch is already here, most consumers will need to wait until as late as November and December, and right now, there are no good solutions. Tom’s Hardware tested the only option currently available to consumer-level processors, which is a software patch that only lasts until you reboot your PC.

Tom’s Hardware tried the software solution in order to see just how badly performance can be affected by a possible fix, and the news isn’t great, but it could also be worse. Gamers remain virtually unaffected, so you can rest easy if you use your CPU inside a gaming PC. However, productivity applications take a hit during many workloads, with performance drops ranging from 1% to 16% depending on the software.

A hacker typing on an Apple MacBook laptop while holding a phone. Both devices show code on their screens.
Sora Shimazaki / Pexels

Zenbleed exploits a flaw in Zen 2 chips to extract data at a rate of 30kb per core, so the better the processor, the faster the extraction. This attack affects every kind of software that’s running on the processor, including virtual machines and sandboxes. The fact that it can steal data from virtual machines is especially worrying, given the fact that it affects AMD EPYC CPUs that run in data centers.

AMD deemed Zenbleed to be of medium severity, describing the flaw as follows: “Under specific microarchitectural circumstances, a register in “Zen 2” CPUs may not be written to 0 correctly. This may cause data from another process and/or thread to be stored in the YMM register, which may allow an attacker to potentially access sensitive information.”

It’s worth noting that AMD is not alone in battling this kind of vulnerability on its older chips. Intel, for instance, has recently been dealing with the Downfall bug, and the performance drops from possible fixes are severe, reaching up to 36%.

Regardless of the technicalities, any flaw that allows hackers to steal practically any information stored within a PC sounds dangerous enough, especially if it can do so without being detected — which Zenbleed can. Unfortunately, Zen 2 owners will have to choose between leaving themselves exposed to the effects of Zenbleed and sacrificing some performance to stay secure, unless AMD can manage to iron these things out in time.

Editors' Recommendations

Monica J. White
Monica is a UK-based freelance writer and self-proclaimed geek. A firm believer in the "PC building is just like expensive…
This tiny ThinkPad can’t quite keep up with the MacBook Air M2
Lenovo ThinkPad X1 Nano Gen 3 rear view showing lid and logo.

While the laptop industry continues to move toward 14-inch laptops and larger, the 13-inch laptop remains an important category. One of the best is the Apple MacBook Air M2, with an extremely thin and well-built chassis, great performance, and incredibly long battery life.

Lenovo has recently introduced the third generation of its ThinkPad X1 Nano, one of the lightest laptops we've tested and a good performer as well. It's stiff competition, but which of these two diminutive laptops stands apart?
Specs and configurations

Read more
If you have a Gigabyte motherboard, your PC might stealthily download malware
A Gigabyte Aorus Extreme motherboard.

Yet another motherboard manufacturer seems to be in trouble -- or rather, the people who own those motherboards might be. According to security researchers, countless Gigabyte boards might be vulnerable to dangerous cyberattacks.

If you want to be extra safe, there are a couple of things you can do to protect your PC. Here's what we know.

Read more
This is how you can accidentally kill AMD’s best CPU for gaming
Someone holding the Ryzen 7 5800X3D in a red light.

It turns out that one of AMD's best gaming CPUs, the Ryzen 7 5800X3D, can accidentally be killed if you try to overclock it, and it's all because there are no limitations as to how far you can push the processor.

Igor Wallossek of Igor's Lab found that the software used for overclocking and overvolting Ryzen CPUs currently doesn't impose any limits when you try to ramp up the voltage. And that's a recipe for turning a fun performance boost into an overclocking nightmare.

Read more