Zenbleed (CVE-2023-20593)

Let's explore the "most exciting" CPU vulnerability affecting Zen2 CPUs from AMD.

Chapters:
00:00 - Intro
03:56 - The C Exploit Code
05:20 - Assembly Generation with Compiler Preprocessor
07:40 - What are XMM and YMM Registers?
11:56 - Zenbleed: Trigger Merge Optimization
14:28 - Register File & Register Allocation Table
16:39 - Register Renaming
17:55 - Speculative Execution
18:55 - vzeroupper and SSE & AVX History
21:22 - Zenbleed Explanation
23:55 - How to fix Zenbleed?

Comments

SLIM VIDEO UPDATE! For over a year I accidentally recorded my video stretched in width. It's fixed now

LiveOverflow

Note to self: the parts of microarchitecture that made my brain hurt when learning about them are where all the worst vulnerabilities live

dooterino

It always makes my mind bend that the CPU manufacturers just made a smaller compiler/software stack inside of hardware to run the actual software we see faster.

VaradMahashabde

If everybody would just use the same password, we wouldn’t have to worry about this.

thecircusby

The PC I'm watching this on happens to have a Zen 2 CPU, so I tried the exploit code in a VM.
Sure enough, I found strings that definitely belong to the host machine, including HTTP header data for my browser fetching this very video.
So I just hypervisor-leaked myself with this. Interesting and scary stuff.

KingOfSandvich

You can feel the satisfaction of the person who optimized strcmp to use AVX instructions. And also the satisfaction of the person who came up with that zero flag in the register file.
And then the satisfaction of Tavis, who came up with using these creatively 😂

MeriaDuck

My world is shattered. What do you MEAN registers aren't physical locations on chips anymore. One of those things I've always thought is that eventually computers are going to be limited because of the time it takes to send data from one register to another because of the physical distance between them.

Admittedly this is way more clever and really cool. Engineers can really do some crazy surprising things when you let em :)

peterjohansson

In my opinion, services that rent out hardware should absolutely inform and educate their customers. Imagine if a vehicle manufacturer had a critical issue with their product and a rental service just rented out the vehicles without informing people or fixing it. I realize it's not a great metaphor but hopefully you get the gist of my perspective.

kellysmith

I was really into assembly back in the x86 days, fascinating to see how CPU internals have increasingly become software that's compiled into silicon.

phasm

This is the best LiveOverflow video so far; this is the kind of content those of us who want the lower-level look at issues want. Thanks a lot fab <3

SIGSEGV

This video/series is amazing! I knew the basics of assembly before, but learning about Zenbleed and other similar vulns has always intimidated me, because they seem so complex at first (and they are!).
This is the first time I feel like I understand a hardware vulnerability of this type. Thank you for this explanation :)

pesaventofilippo

Oh amazing. That registers explanation makes the register renaming just click instantly. Didn't know they were implemented that way.

StereoBucket

My mind was blown when you told me registers work like that. I didn't even learn this in college, so these videos are a fantastic source of education. Thank you so so much! <3

jaspersmit

Great video! Small point though, at 13:21, the upper 96 bits of the XMM register are maintained (see the line before the underline); it's the upper 128 bits of the corresponding YMM register that are zeroed. XMM merge optimizations allow the CVTSI2SS instruction to run out of order if it's known that some number of upper bits of XMM are 0

SiyuJiang

Fascinating discovery, good work bringing this CVE to people's attention in such a thoroughly explained manner.

FueledbyJohn

Your package manager of choice should automagically install the new microcode.
Fun fact: the microcode can be patched without rebooting. Microcode should be applied as early as possible; it should be one of the first things your OS does when booting, and if you install a new version you shouldn't wait for the next reboot to apply it.

herkulessi

Amazing video LiveOverflow. These concepts are really new (for me), like register renaming, speculative execution, merge optimization, and the explanation you gave was really on point.

cygmoid

This was effing GREAT! Man, I feel like I could talk with Tavis for hours!
Great job, both of you!

WyrdieBeardie

Thank you for the explanations in this video. The complexity and the mechanisms under the hood are blowing my mind.

calopii

So: Humans have a thing they want to do, and they optimize the heck out of that and turn it into code. The compiler takes the code and, after optimizing the heck out of it, turns it into assembly. The assembler then takes it, optimizes the heck out of it and turns it into machine code. The CPU takes the machine code, _optimizes the heck out of that_ and runs it in ... uh, an architecture- and micro-architecture-specific execution pipeline which takes every shortcut and guess it can? WCPGW? Yeah, a breeding ground for bugs (at all mentioned levels, actually).

Again, thanks for covering Zenbleed. This video was even more interesting than the previous (I actually thought the assembly part would be boring, but oh no...) I'm out of vocabulary, and my brain is out of breath. I assumed all registers a CPU has are fixed in the chip, but there goes that old piece of knowledge. (I knew about the zero register in RISC-V but that's used differently.)

mattiviljanen