Elevated Zenbleed exploitation risk found in AWS environments

Sixty-two percent of Amazon Web Services environments are susceptible to attacks exploiting the Zenbleed use-after-free memory corruption flaw impacting all AMD Zen 2 processors, including Ryzen 3000, 4000, 5000, and 7020, as well as Epyc (Rome), reports SecurityWeek. Attackers could leverage the flaw, CVE-2023-20593, to facilitate privilege escalation or data access on the AWS environments with Elastic Compute Cloud instances running on the vulnerable chipsets, most of which were on the Epyc CPU for data centers, according to a report from Wiz. Project Zero researcher Tavis Ormandy, who discovered and reported the bug, earlier said that exploitation could result in the theft of passwords, encryption keys, and other sensitive information. Organizations using the chipsets impacted by Zenbleed have been advised by AMD to immediately implement AGESA firmware updates but other products are only expected to be updated against the flaw by the last quarter of the year.