Skip to main content

Security or performance? With this AMD vulnerability, you can’t have both

Render of an AMD Ryzen chip.

Recently, a cybersecurity researcher discovered a dangerous vulnerability within AMD’s Zen 2 processors. Dubbed “Zenbleed,” the vulnerability allows attackers to gain access to your computer and steal all of the most sensitive information, including passwords and encryption keys. While this doesn’t affect AMD’s best processors, it’s still a dangerous vulnerability with a wide reach, as it’s present in all Zen 2 CPUs, including consumer chips and data center EPYC processors. AMD has a fix on the way, but it might come at a price.

The bug was first spotted by Tavis Ormandy, a researcher working with Google Information Security, who made it public at the end of July. Since then, the researcher has also released a proof of concept code that shows how it works. This, while useful, might help attackers exploit this vulnerability until AMD comes up with a fix.

While the first patch is already here, most consumers will need to wait until as late as November and December, and right now, there are no good solutions. Tom’s Hardware tested the only option currently available to consumer-level processors, which is a software patch that only lasts until you reboot your PC.

Tom’s Hardware tried the software solution in order to see just how badly performance can be affected by a possible fix, and the news isn’t great, but it could also be worse. Gamers remain virtually unaffected, so you can rest easy if you use your CPU inside a gaming PC. However, productivity applications take a hit during many workloads, with performance drops ranging from 1% to 16% depending on the software.

A hacker typing on an Apple MacBook laptop while holding a phone. Both devices show code on their screens.
Sora Shimazaki / Pexels

Zenbleed exploits a flaw in Zen 2 chips to extract data at a rate of 30kb per core, so the better the processor, the faster the extraction. This attack affects every kind of software that’s running on the processor, including virtual machines and sandboxes. The fact that it can steal data from virtual machines is especially worrying, given the fact that it affects AMD EPYC CPUs that run in data centers.

AMD deemed Zenbleed to be of medium severity, describing the flaw as follows: “Under specific microarchitectural circumstances, a register in “Zen 2” CPUs may not be written to 0 correctly. This may cause data from another process and/or thread to be stored in the YMM register, which may allow an attacker to potentially access sensitive information.”

It’s worth noting that AMD is not alone in battling this kind of vulnerability on its older chips. Intel, for instance, has recently been dealing with the Downfall bug, and the performance drops from possible fixes are severe, reaching up to 36%.

Regardless of the technicalities, any flaw that allows hackers to steal practically any information stored within a PC sounds dangerous enough, especially if it can do so without being detected — which Zenbleed can. Unfortunately, Zen 2 owners will have to choose between leaving themselves exposed to the effects of Zenbleed and sacrificing some performance to stay secure, unless AMD can manage to iron these things out in time.

Editors' Recommendations

Monica J. White
Monica is a UK-based freelance writer and self-proclaimed geek. A firm believer in the "PC building is just like expensive…
AMD Ryzen Master has a bug that can let someone take full control of your PC
A hand holding AMD's Ryzen 9 7950X3D processor.

AMD has just revealed that it spotted a new vulnerability in its Ryzen Master software. The bug sounds pretty dangerous -- it could potentially allow an attacker to take full control of your PC.

Here's everything we know about the vulnerability and the steps you need to take to secure your computer.

Read more
Chrome’s take on Nvidia DLSS is set to launch, but you can’t use it yet
Three RTX 4080 cards sitting on a pink background.

Exciting new Nvidia tech is coming to Google Chrome, and on the browser side, the update is ready. We're talking about Nvidia's RTX Video Super Resolution (VSR), which is said to support upscaling up to 4K.

However, if you're itching to try it out, we have some bad news -- you can't use it just yet.

Read more
Asus ZenBook S 13 Flip vs. HP Spectre x360 13.5: you can’t go wrong
Drawing on the HP Spectre x360 13.5 inch model.

When it comes to 360-degree convertible 2-in-1s, you have a lot of options. Some of them are among the best laptops you can buy. HP's Spectre x360 13.5 is a prime example, making our lists of both the best 2-in-1s and best laptops and for quite some time representing the best that the class has to offer.

But Asus has been a serious player in this form factor as well, putting out several machines that have been close to making both lists. Its latest ZenBook S 13 Flip is a prime example, and it has an ace up its sleeve: it's a very light laptop that makes it easier to use as a tablet. Does that give it enough to dethrone the Spectre x360 13.5?
Specs and configurations

Read more