Skip to main content

Security or performance? With this AMD vulnerability, you can’t have both

Render of an AMD Ryzen chip.
AMD

Recently, a cybersecurity researcher discovered a dangerous vulnerability within AMD’s Zen 2 processors. Dubbed “Zenbleed,” the vulnerability allows attackers to gain access to your computer and steal all of the most sensitive information, including passwords and encryption keys. While this doesn’t affect AMD’s best processors, it’s still a dangerous vulnerability with a wide reach, as it’s present in all Zen 2 CPUs, including consumer chips and data center EPYC processors. AMD has a fix on the way, but it might come at a price.

The bug was first spotted by Tavis Ormandy, a researcher working with Google Information Security, who made it public at the end of July. Since then, the researcher has also released a proof of concept code that shows how it works. This, while useful, might help attackers exploit this vulnerability until AMD comes up with a fix.

Recommended Videos

While the first patch is already here, most consumers will need to wait until as late as November and December, and right now, there are no good solutions. Tom’s Hardware tested the only option currently available to consumer-level processors, which is a software patch that only lasts until you reboot your PC.

Tom’s Hardware tried the software solution in order to see just how badly performance can be affected by a possible fix, and the news isn’t great, but it could also be worse. Gamers remain virtually unaffected, so you can rest easy if you use your CPU inside a gaming PC. However, productivity applications take a hit during many workloads, with performance drops ranging from 1% to 16% depending on the software.

A hacker typing on an Apple MacBook laptop while holding a phone. Both devices show code on their screens.
Sora Shimazaki / Pexels

Zenbleed exploits a flaw in Zen 2 chips to extract data at a rate of 30kb per core, so the better the processor, the faster the extraction. This attack affects every kind of software that’s running on the processor, including virtual machines and sandboxes. The fact that it can steal data from virtual machines is especially worrying, given the fact that it affects AMD EPYC CPUs that run in data centers.

AMD deemed Zenbleed to be of medium severity, describing the flaw as follows: “Under specific microarchitectural circumstances, a register in “Zen 2” CPUs may not be written to 0 correctly. This may cause data from another process and/or thread to be stored in the YMM register, which may allow an attacker to potentially access sensitive information.”

It’s worth noting that AMD is not alone in battling this kind of vulnerability on its older chips. Intel, for instance, has recently been dealing with the Downfall bug, and the performance drops from possible fixes are severe, reaching up to 36%.

Regardless of the technicalities, any flaw that allows hackers to steal practically any information stored within a PC sounds dangerous enough, especially if it can do so without being detected — which Zenbleed can. Unfortunately, Zen 2 owners will have to choose between leaving themselves exposed to the effects of Zenbleed and sacrificing some performance to stay secure, unless AMD can manage to iron these things out in time.

Monica J. White
Monica is a computing writer at Digital Trends, focusing on PC hardware. Since joining the team in 2021, Monica has written…
AMD didn’t even need its best CPU to beat Intel
A render of a Ryzen 9000 CPU.

Looks like the competition between AMD and Intel is about to start heating up again. AMD's upcoming second-best processor, the Ryzen 9 9900X, was just spotted in an early benchmark -- and the results are shockingly good. If this is what AMD can do with a 12-core CPU, what's going to happen when the 16-core version of Zen 5 appears in tests?

The happy news (for AMD fans, at least) comes directly from the Geekbench 6.2 database, and it all comes down to a benchmark of what appears to be a retail sample of the Ryzen 9 9900X. The chip scored an impressive 3,401 points in the single-core score, and 19,756 points in the multi-core score. That puts it far above its predecessor, the Ryzen 9 7900X, but that's not its only success.

Read more
AMD Zen 6 chips could be here sooner than you think
The AMD Ryzen 7 5700 propped up against an action figure.

Last month at Computex, AMD announced its Zen 5-based desktop and mobile processors, set for launch later this month. Shortly after this announcement, details about their successor, code-named "Medusa," have emerged. According to leaks, Medusa will be part of the Zen 6 lineup and is expected to be released in late 2025, contrary to earlier rumors of a 2026 launch.

Sources cited by YouTuber Moore’s Law Is Dead suggest AMD plans to finalize the Zen 6 architecture by Q2 2025, with production possibly beginning later that year. Another source confirmed Medusa as a Zen 6 product, potentially targeting both laptops and the desktop AM5 platform. Additionally, Strix Halo and Medusa Halo, based on Zen 5 and Zen 6 architectures, are expected to use TSMC's N3E (enhanced 3nm process).

Read more
AMD: ‘We are running as fast as we possibly can’
AMD's CEO delivering the Computex 2024 presentation.

Be it some of the best consumer processors or the chips that power massive data centers, the rivalry between AMD and Intel, as well as AMD and Nvidia, never comes to an end -- and AMD is well aware of it. In a recent interview, AMD revealed its plan for keeping up with Intel and staying ahead of the game, and this could bode well for some of its upcoming products; we've got plenty of those slated for this year, after all. One of the key parts of AMD's strategy appears to lie in quickly adopting the latest tech before it becomes yesterday's news.

The interview in question comes from The Next Platform. Forrest Norrod, executive vice president at AMD, spoke mainly about the company's data center plans, but it's safe to assume that this strategy might stretch beyond enterprise customers. When asked about the state of Intel's data center business, particularly Xeon 6 CPUs, Norrod spoke well of AMD's rivals.

Read more