Swipe data out of registers at 30Kb per second per core
If you’re running the Ryzen 3000 and Ryzen 4000G series desktop processors, the 4000 and many 5000 series laptop processors, the retro-core Ryzen 7020 mobile CPU and finally the Zen 2 processors that span the Threadripper 3000 family, you’re in a bit of a situation. If you’re running an EPYC 7020 you’ll still have issues, but unlike the aforementioned chip, a patch has already been provided and should be downloaded immediately. For everyone else, patches still need to be distributed, but they may become available in October-December.
As for your situation, it doesn’t get any worse than Zenbleed. No physical hardware access or elevated access is required to implement this bug, just the use of maliciously crafted JavaScript on a website is enough to infect it. Zenbleed sends information passed to the CPU’s registers at a rate that allows you to monitor the data being processed on your machine in real time. This includes not just passwords, but any other data you happen to be working with.
After bad news comes a little bit of good news. So far no one has found it actually used. This may change in the coming months, but for now this exploit is purely theoretical. Another good news is that inserting an emulation layer disables Zenbleed completely, so it’s best to implement it on sensitive servers if possible.
