Skip to main content

Security or performance? With this AMD vulnerability, you can’t have both

Render of an AMD Ryzen chip.
AMD

Recently, a cybersecurity researcher discovered a dangerous vulnerability within AMD’s Zen 2 processors. Dubbed “Zenbleed,” the vulnerability allows attackers to gain access to your computer and steal all of the most sensitive information, including passwords and encryption keys. While this doesn’t affect AMD’s best processors, it’s still a dangerous vulnerability with a wide reach, as it’s present in all Zen 2 CPUs, including consumer chips and data center EPYC processors. AMD has a fix on the way, but it might come at a price.

The bug was first spotted by Tavis Ormandy, a researcher working with Google Information Security, who made it public at the end of July. Since then, the researcher has also released a proof of concept code that shows how it works. This, while useful, might help attackers exploit this vulnerability until AMD comes up with a fix.

Recommended Videos

While the first patch is already here, most consumers will need to wait until as late as November and December, and right now, there are no good solutions. Tom’s Hardware tested the only option currently available to consumer-level processors, which is a software patch that only lasts until you reboot your PC.

Get your weekly teardown of the tech behind PC gaming
Check your inbox!

Tom’s Hardware tried the software solution in order to see just how badly performance can be affected by a possible fix, and the news isn’t great, but it could also be worse. Gamers remain virtually unaffected, so you can rest easy if you use your CPU inside a gaming PC. However, productivity applications take a hit during many workloads, with performance drops ranging from 1% to 16% depending on the software.

A hacker typing on an Apple MacBook laptop while holding a phone. Both devices show code on their screens.
Sora Shimazaki / Pexels

Zenbleed exploits a flaw in Zen 2 chips to extract data at a rate of 30kb per core, so the better the processor, the faster the extraction. This attack affects every kind of software that’s running on the processor, including virtual machines and sandboxes. The fact that it can steal data from virtual machines is especially worrying, given the fact that it affects AMD EPYC CPUs that run in data centers.

AMD deemed Zenbleed to be of medium severity, describing the flaw as follows: “Under specific microarchitectural circumstances, a register in “Zen 2” CPUs may not be written to 0 correctly. This may cause data from another process and/or thread to be stored in the YMM register, which may allow an attacker to potentially access sensitive information.”

It’s worth noting that AMD is not alone in battling this kind of vulnerability on its older chips. Intel, for instance, has recently been dealing with the Downfall bug, and the performance drops from possible fixes are severe, reaching up to 36%.

Regardless of the technicalities, any flaw that allows hackers to steal practically any information stored within a PC sounds dangerous enough, especially if it can do so without being detected — which Zenbleed can. Unfortunately, Zen 2 owners will have to choose between leaving themselves exposed to the effects of Zenbleed and sacrificing some performance to stay secure, unless AMD can manage to iron these things out in time.

Monica J. White
Monica is a computing writer at Digital Trends, focusing on PC hardware. Since joining the team in 2021, Monica has written…
We have good news about AMD’s upcoming Ryzen 9000 chips
AMD CEO Lisa Su announcing the new Ryzen 9000 series desktop CPUs.

Earlier this month we saw AMD unveiling its new Ryzen 9000 series desktop processors at Computex 2024. The new desktop processors feature AMD’s next-gen Zen 5 architecture, promising approximately 15% faster performance. During the announcement, AMD said that the new chips will arrive in July 2024, however, online retailer B&H suggests that preorders will only begin at 9 a.m. ET on July 31.

Additionally, we also have (unofficial) pricing information for the upcoming CPUs. According to a report, the flagship AMD Ryzen 9 9950X has been listed on Canada Computers for CAD 839 ($610), which is noticeably lower than the $699 launch price of the Ryzen 9 7950X. Another retailer from the Philippines has listed the entire Ryzen 9000 desktop CPU lineup with the Ryzen 9 9950X priced at 38,000 Pesos ($648), Ryzen 9 9900X at 35,000 Pesos ($597), Ryzen 7 9700X at 24,000 Pesos ($409), and the Ryzen 5 9600X at 18,500 Pesos ($315).

Read more
AMD ‘basically lies’ about Computex benchmark, YouTuber says
AMD's CEO delivering the Computex 2024 presentation.

AMD is coming under some fire for performance data it shared following its Computex 2024 keynote. Thankfully, the data in question doesn't concern AMD's upcoming Ryzen 9000 CPUs, which are slated to launch in July. Instead, it concerns the performance numbers AMD shared for its repackaged Ryzen 9 5900 XT and Ryzen 7 5800 XT CPUs, which are built on the aging Zen 3 architecture.

In a monthly Q&A, YouTube channel Hardware Unboxed broke down the performance numbers. In AMD's presentation, it showed the Ryzen 9 5900 XT and Ryzen 7 5800 XT beating the Intel competition by a few points in games. AMD compared the CPUs to the Core i7-13700K and Core i5-13600K, respectively, and showed its CPUs beating Intel by upwards of 12% in some games. Hardware Unboxed says that data isn't an accurate representation, however.

Read more
AMD on the Ryzen 7 9800X3D: ‘We have a lot to say’
A delidded Ryzen 7000 CPU.

AMD just revealed its Ryzen 9000 chips at Computex 2024, but the company is already working on its versions of these processors with 3D V-Cache. These X3D variants, as they're called, have been a mainstay of AMD's lineup since the Ryzen 7 5800X3D, and they consistently rank among the best gaming processors. AMD's Donny Woligroski says the company is "not just resting on laurels," and that it has some big plans for the next version of X3D chips.

The news comes from PC Gamer, which shared various quotes from an interview with Woligroski. Although we've known for a while that 3D V-Cache would come to Ryzen 9000 eventually, Woligroski says that AMD is pushing the tech forward. "It's not like, 'hey, we've also added X3D to a chip.' We are working actively on really cool differentiators to make it even better. We're working on X3D, we're improving it," Woligroski told PC Gamer.

Read more