Amd ZenBleed security fix, other bugfixes, advisory will follow SRPMS: kernel-5.15.122-1.mga8.src.rpm kmod-virtualbox-7.0.10-1.1.mga8.src.rpm kmod-xtables-addons-3.23-1.23.mga8.src.rpm i586: bpftool-5.15.122-1.mga8.i586.rpm cpupower-5.15.122-1.mga8.i586.rpm cpupower-devel-5.15.122-1.mga8.i586.rpm kernel-desktop-5.15.122-1.mga8-1-1.mga8.i586.rpm kernel-desktop586-5.15.122-1.mga8-1-1.mga8.i586.rpm kernel-desktop586-devel-5.15.122-1.mga8-1-1.mga8.i586.rpm kernel-desktop586-devel-latest-5.15.122-1.mga8.i586.rpm kernel-desktop586-latest-5.15.122-1.mga8.i586.rpm kernel-desktop-devel-5.15.122-1.mga8-1-1.mga8.i586.rpm kernel-desktop-devel-latest-5.15.122-1.mga8.i586.rpm kernel-desktop-latest-5.15.122-1.mga8.i586.rpm kernel-doc-5.15.122-1.mga8.noarch.rpm kernel-server-5.15.122-1.mga8-1-1.mga8.i586.rpm kernel-server-devel-5.15.122-1.mga8-1-1.mga8.i586.rpm kernel-server-devel-latest-5.15.122-1.mga8.i586.rpm kernel-server-latest-5.15.122-1.mga8.i586.rpm kernel-source-5.15.122-1.mga8-1-1.mga8.noarch.rpm kernel-source-latest-5.15.122-1.mga8.noarch.rpm kernel-userspace-headers-5.15.122-1.mga8.i586.rpm libbpf0-5.15.122-1.mga8.i586.rpm libbpf-devel-5.15.122-1.mga8.i586.rpm perf-5.15.122-1.mga8.i586.rpm xtables-addons-kernel-5.15.122-desktop-1.mga8-3.23-1.23.mga8.i586.rpm xtables-addons-kernel-5.15.122-desktop586-1.mga8-3.23-1.23.mga8.i586.rpm xtables-addons-kernel-5.15.122-server-1.mga8-3.23-1.23.mga8.i586.rpm xtables-addons-kernel-desktop586-latest-3.23-1.23.mga8.i586.rpm xtables-addons-kernel-desktop-latest-3.23-1.23.mga8.i586.rpm xtables-addons-kernel-server-latest-3.23-1.23.mga8.i586.rpm x86_64: bpftool-5.15.122-1.mga8.x86_64.rpm cpupower-5.15.122-1.mga8.x86_64.rpm cpupower-devel-5.15.122-1.mga8.x86_64.rpm kernel-desktop-5.15.122-1.mga8-1-1.mga8.x86_64.rpm kernel-desktop-devel-5.15.122-1.mga8-1-1.mga8.x86_64.rpm kernel-desktop-devel-latest-5.15.122-1.mga8.x86_64.rpm kernel-desktop-latest-5.15.122-1.mga8.x86_64.rpm kernel-doc-5.15.122-1.mga8.noarch.rpm kernel-server-5.15.122-1.mga8-1-1.mga8.x86_64.rpm kernel-server-devel-5.15.122-1.mga8-1-1.mga8.x86_64.rpm kernel-server-devel-latest-5.15.122-1.mga8.x86_64.rpm kernel-server-latest-5.15.122-1.mga8.x86_64.rpm kernel-source-5.15.122-1.mga8-1-1.mga8.noarch.rpm kernel-source-latest-5.15.122-1.mga8.noarch.rpm kernel-userspace-headers-5.15.122-1.mga8.x86_64.rpm lib64bpf0-5.15.122-1.mga8.x86_64.rpm lib64bpf-devel-5.15.122-1.mga8.x86_64.rpm perf-5.15.122-1.mga8.x86_64.rpm virtualbox-kernel-5.15.122-desktop-1.mga8-7.0.10-1.1.mga8.x86_64.rpm virtualbox-kernel-5.15.122-server-1.mga8-7.0.10-1.1.mga8.x86_64.rpm virtualbox-kernel-desktop-latest-7.0.10-1.1.mga8.x86_64.rpm virtualbox-kernel-server-latest-7.0.10-1.1.mga8.x86_64.rpm xtables-addons-kernel-5.15.122-desktop-1.mga8-3.23-1.23.mga8.x86_64.rpm xtables-addons-kernel-5.15.122-server-1.mga8-3.23-1.23.mga8.x86_64.rpm xtables-addons-kernel-desktop-latest-3.23-1.23.mga8.x86_64.rpm xtables-addons-kernel-server-latest-3.23-1.23.mga8.x86_64.rpm
No regressions noticed in either of my x8t_64 systms, aarch64 rpi 4b, i586 and vb guests. In the x86_64 laptop cpuinfo has ... cpu family : 23 model : 96 model name : AMD Ryzen 7 4800H with Radeon Graphics Running the zenbleed poc shows Spawning 8 Threads... zenbleed: failed to start thread on specifed code 1: Success before and after the kernel or prior microcode update.
CC: (none) => davidwhodgins
cpu family : 23 model : 104 model name : AMD Ryzen 5 5500U with Radeon Graphics Before installing these updates the zenbleed PoC generated reams of output. After installing these updates it outputs % ./zenbleed *** EMBARGOED SECURITY ISSUE -- DO NOT DISTRIBUTE! *** ZenBleed Testcase -- taviso@google.com NOTE: Try -h to see configuration options Spawning 12 Threads... Thread 0x7f4efd6ce640 running on CPU 0 Thread 0x7f4efcecd640 running on CPU 1 Thread 0x7f4efc6cc640 running on CPU 2 Thread 0x7f4efaec9640 running on CPU 5 Thread 0x7f4efb6ca640 running on CPU 4 Thread 0x7f4ef9ec7640 running on CPU 7 Thread 0x7f4efa6c8640 running on CPU 6 Thread 0x7f4ef8ec5640 running on CPU 9 Thread 0x7f4ef96c6640 running on CPU 8 Thread 0x7f4ee3fff640 running on CPU 10 Thread 0x7f4efbecb640 running on CPU 3 Thread 0x7f4ee37fe640 running on CPU 11 and the journal contains kernel: Zenbleed: please update your microcode for the most optimal fix No regressions noted so far.
CC: (none) => mageia
Mageia8, x86_64 AMD Ryzen 7 5700U Installed all the files and rebooted. Searched for the PoC https://github.com/google/security-research/blob/master/pocs/cpus/zenbleed/README.md Don't know how to use git so downloaded all the files individually and ran make. $ make Makefile:1: *** target pattern contains no '%'. Stop. What now?
CC: (none) => tarazed25
I downloaded the PoC from here: https://web.archive.org/web/20230724160509/https://lock.cmpxchg8b.com/files/zenbleed-v5.tar.gz then tar xf zenbleed-v5.tar.gz cd zenbleed make ./zenbleed You will need gcc and nasm installed.
I used "wget https://seclists.org/oss-sec/2023/q3/att-59/zenbleed-v5_tar.gz" to get it, then tar -xf zenbleed..., cd zenbleed, make, ./zenbleed to run it.
After removing nosmt=force from the kernel options on my laptop from comment 1, zenbleed is using 100% (or slightly less for short periods) cpu on all 16 cores. $ ./zenbleed *** EMBARGOED SECURITY ISSUE -- DO NOT DISTRIBUTE! *** ZenBleed Testcase -- taviso@google.com NOTE: Try -h to see configuration options Spawning 16 Threads... Thread 0x7fc62cbf5640 running on CPU 8 <snip> Thread 0x7fc6293ee640 running on CPU 15 I killed it after 10 minutes with no further output. That's with kernel and microcode updates.
Thanks for the pointers. Note: No microcode update. Using server kernel - linus later. $ ./zenbleed *** EMBARGOED SECURITY ISSUE -- DO NOT DISTRIBUTE! *** [...] Spawning 16 Threads... Thread 0x7f5434f2e640 running on CPU 0 ... Thread 0x7f5410ff9640 running on CPU 15 Thread 0x7f54117fa640 running on CPU 14 # journalctl | grep Zenbleed Jul 25 20:59:42 rutilicus kernel: Zenbleed: please update your microcode for the most optimal fix gkrellm shows solid 99-100% CPU usage on all cores. Killed it after a while. Installed microcode and repeated test. Same output as before and advice in the journal to update microcode.
My newest AMD processor is an A8-4555M, which as I misunderstand it is unenlightened where any kind of Zen is concerned, so should be unaffected by this issue. Testing the kernel anyway... HP Pavilion 15, AMD A8-4555M APU, AMD HD 7600G graphics, MGA8-64 Plasma system. Updated desktop kernel and microcode in one operation. Did my usual kernel testing, no issues noted.
CC: (none) => andrewsfarm
Keywords: (none) => advisory
Keywords: (none) => validated_updateWhiteboard: (none) => MGA8-64-OK, MGA8-32-OKCC: (none) => sysadmin-bugs
5.15.122-desktop-1.mga8 x86_64 10-Core Intel Core i9-7900X NVIDIA GP102 [GeForce GTX 1080 Ti] Intel Ethernet I219-V driver: e1000e Running Mate for several hours. No issues.
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0242.html
Status: NEW => RESOLVEDResolution: (none) => FIXED