Home / Companies / Cloudflare / Blog / Post Details
Content Deep Dive

How Cloudflare is staying ahead of the AMD Zen vulnerability known as “Zenbleed”

Blog post from Cloudflare

Post Details
Company
Date Published
Author
Derek Chamorro, Ignat Korchagin
Word Count
906
Company Posts That Month
16
Language
English
Hacker News Points
50
Post removed?
No
Summary

A new vulnerability called 'Zenbleed' has been discovered in AMD's Zen 2 processors, affecting their entire product stack including EPYC data center processors and Ryzen 3000 CPUs. The flaw allows sensitive information stored within the CPU to be stolen remotely through JavaScript on a website without requiring physical access. Cloudflare is patching its fleet of potentially impacted servers with AMD's microcode as a mitigation measure while monitoring for any attempts at exploitation. Zenbleed takes advantage of speculative execution capabilities, targeting Advanced Vector Extensions (AVX) registers, which are susceptible to storing private information like cryptographic keys and passwords. The vulnerability is classified with a CVSS score of 6.5 (Medium). AMD's mitigation involves turning off a floating point optimization through the MSR register via microcode update.

Trends Found in this Post

No tracked trend matches for this post yet.

Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.