Issue
The Zenbleed vulnerability, known as CVE-2023-20593, allows data to be stolen at a rate of 30kb per second for each CPU core. This means it can quickly and effectively steal sensitive information that the CPU is handling. The risk is widespread and affects all software that operates on the compromised processor, such as virtual machines, sandboxes, containers, and processes.
Environment
- CloudLinux 7
- CloudLinux 8
- AMD “Zen 2” CPUs with microcode version < "0x0830107a" or "0x08a00008"
Solution
- Update linux-firmware package:
For CloudLinux 7 to linux-firmware-20200421-80.git78c0348.el7_9.cloudlinux
For CloudLinux 8 to linux-firmware-20230404-117.git2e92a49f.el8_8.alma.1
- Update the CPU microcode:
# echo 1 > /sys/devices/system/cpu/microcode/reload
Note:
- It is not necessary to load the microcode manually after a server restart. It will be loaded automatically during the server boot.
- CPU firmware/microcode can be updated/loaded only on a dedicated server or from the hypervisor side.
- Microcode version can be fetched as follows:
# grep microcode /proc/cpuinfo
If you have a higher microcode version than mentioned in the Environment section, then it is probably included in the vendor's BIOS/UEFI firmware update.
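The version check above can be scripted. The following is an added example, not CloudLinux's own tooling: it compares each distinct microcode revision with the two revisions listed in the Environment section. It assumes a listed revision applies to a CPU whose running revision shares its upper 16 bits; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Revisions listed in the Environment section of this article.
PAGE_REVS="0x0830107a 0x08a00008"

# classify_rev REV -> prints "ok", "outdated" or "unlisted".
# Assumption: REV is compared with the listed revision that has the same
# upper 16 bits (0x0830xxxx with 0x0830107a, 0x08a0xxxx with 0x08a00008).
classify_rev() {
    rev=$(( $1 ))
    for want in $PAGE_REVS; do
        want=$(( $want ))
        if [ $(( rev >> 16 )) -eq $(( want >> 16 )) ]; then
            if [ "$rev" -ge "$want" ]; then echo ok; else echo outdated; fi
            return 0
        fi
    done
    # Neither listed revision matches this CPU; check the vendor bulletin.
    echo unlisted
}

# check_cpuinfo: reads /proc/cpuinfo text on stdin and prints one
# "REV STATUS" line per distinct revision. Returns 1 if any is outdated.
check_cpuinfo() {
    rc=0
    for r in $(awk -F': *' '/^microcode/ {print $2}' | sort -u); do
        s=$(classify_rev "$r")
        echo "$r $s"
        if [ "$s" = outdated ]; then rc=1; fi
    done
    return $rc
}

# Constructed sample input (two cores, not taken from a real host).
sample_cpuinfo() {
    printf 'microcode\t: 0x8301055\nmicrocode\t: 0x8301055\n'
}

# Demo on the constructed sample; on a real host use:
#   check_cpuinfo < /proc/cpuinfo
sample_cpuinfo | check_cpuinfo || echo "microcode update needed"
```

A status of "unlisted" means the revision belongs to a CPU model that neither value in the Environment section covers, so the script makes no statement about it.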
Useful links
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html
https://blog.cloudlinux.com/cloudlinux-takes-action-against-zenbleed-vulnerability-upcoming-patches