Zenbleed - What you need to know

Mark Bower
VP Product, Anjuna
Published on
Aug 7, 2023
Researchers recently uncovered a mechanism to leak a small amount of data under very specific conditions from certain AMD processors.

Researchers recently uncovered a mechanism to leak a small amount of data under very specific conditions from certain AMD processors. This document provides information about the recently reported “Zenbleed” vulnerability which affects some AMD processors. 

Anjuna’s products are not affected by the Zenbleed vulnerability.

According to AMD, there are no known instances of exploitation.  It is important to note also that the circumstances of the attack require very particular lab conditions. The issue was discovered by researchers using “fuzzing” techniques - essentially applying chaotic and random instructions to CPU’s to crash them. Enterprise applications are unlikely to follow such a pattern of instruction behavior under regular workloads. However, for data center users, mitigations are already available from AMD to deploy and are strongly recommended to close this issue.


  • CVE ID: CVE-2023-20593
  • Description: Under specific microarchitectural circumstances, an issue in “Zen 2” CPUs may allow an attacker to access sensitive information potentially.
  • Source: Advanced Micro Devices Inc.
  • NVD Published: 07/24/2023
  • NVD Updated: 07/27/2023
  • AMD’s analysis for this vulnerability

At a high level, the issue relates to manipulating branch prediction and setting up very specific register conditions to create a small window for limited data leakage.

  • According to AMD, “Under specific microarchitectural circumstances, a register in ‘Zen 2’ CPUs may not be written to 0 correctly. This may cause data from another process and/or thread to be stored in the YMM register, which may allow an attacker to potentially access sensitive information.”

These conditions include:

  • Local code execution. An attacker needs to be able to execute arbitrary code on the same physical processor to exploit this vulnerability.
  • Per details of the issue, a specific sequence of unusual memory, instruction and register events needs to take place, for example, random instructions that match the specific outlined sequence.

Affected processors include consumer Ryzen processors and data center EPYC processors, specifically:

  • EPYC 7002 - Data center processors
  • Ryzen 3000, 4000, 5000 Series desktop, Laptop and consumer processors. Details are here, along with AMD’s timeline for updates.
  • This did not affect AMD-SEV-SNP processors (Milan processors)

The good news is that AMD has issued patches already for AMD-SEV EPYC 7002 data center processors. Details here.

Am I at Risk?

The primary question everyone wants answers to is “am I at risk?”. While the vulnerability is real, the conditions needed to exploit it are extremely narrow: an attacker needs to be able to execute arbitrary code on the same physical (and unpatched) processor. In the public cloud, providers like AWS and GCP have already mitigated this vulnerability so that other tenants cannot exploit it. If you run your own single-tenant datacenter, an attacker with arbitrary code execution can likely already perform far more damaging attacks unrelated to Zenbleed. 

In the confidential computing world, processors which support AMD SEV-SNP, like Azure, are not affected by Zenbleed.

In general, confidential computing is already designed for hardware-based isolation. For similar future vulnerabilities, remote attestation capabilities of confidential computing can be used to prevent supply chain attacks which insert malicious code - preventing the exploit. 

In the end, hardware-level vulnerability research benefits us all and continuously advances the security of processor infrastructure. Many research attacks like this may grab attention in a headline, but in practice represent an very low risk of exploitation, requiring unusual levels of access, or particular configurations and sequences of instructions.

Wrap up and Hyperscaler responses

Finally, here’s are links to the Hyperscalers notifications on this issue, and our guidance when using Anjuna with their confidential computing platforms, which can be seen, is not affected or impacted.


Customers may use an AMD processor-based machine when running Anjuna’s solution on top of AWS Nitro Enclaves.

As stated by AWS, AWS is aware of CVE-2023-20593, otherwise known as "Zenbleed", and can confirm this issue affected AMD “Zen 2”, also known as “Rome”, CPUs that power the C5a, C5ad, G4ad, and G5 instance families. Because of the design of the EC2 Nitro hypervisor, there is no risk of cross-instance data access. The updated microcode from AMD has been applied to all C5a, C5ad, G4ad, and G5 instances. No action is required from customers using these instance types.


Anjuna’s solution for Confidential Containers for AMD SEV-SNP on Azure is on top of AMD SEV-SNP processors that are not affected by the vulnerability as mentioned by AMD.


As stated by GCP, AMD has released a microcode update that addresses a hardware security vulnerability (CVE-2023-20593). Google has applied the necessary fixes for this vulnerability to its server fleet, including servers for the Google Cloud Platform.

More like this
Get Started Free with Anjuna Seaglass

Try free for 30 days on AWS, Azure or Google Cloud, and experience the power of intrinsic cloud security.

Start Free