๐ Zenbleed (CVE-2023-20593)
๐ก Newskategorie: IT Security Video
๐ Quelle: youtube.com
Author: LiveOverflow - Bewertung: 6124x - Views:135791
Let's explore the "most exciting" CPU vulnerability affecting Zen2 CPUs from AMD.
Watch part 1 about fuzzing: https://www.youtube.com/watch?v=neWc0H1k2Lc
buy my font (advertisement): https://shop.liveoverflow.com/
This video is sponsored by Google: https://security.googleblog.com/2023/08/downfall-and-zenbleed-googlers-helping.html
Original Zenbleed Writeup: https://lock.cmpxchg8b.com/zenbleed.html
Grab the code: https://github.com/google/security-research/tree/master/pocs/cpus/zenbleed
cvtsi2ss: https://www.felixcloutier.com/x86/cvtsi2ss.html
AMD Security Bulletin: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html
RIDL Video: https://www.youtube.com/watch?v=x_R1DeZxGc0
Tavis Ormandy: https://twitter.com/taviso
Chapters:
00:00 - Intro
02:27 - zenleak.asm Patterns
03:56 - The C Exploit Code
05:20 - Assembly Generation with Compiler Preprocessor
07:40 - What are XMM and YMM Registers?
11:56 - Zenbleed: Trigger Merge Optimization
14:28 - Register File & Register Allocation Table
16:39 - Register Renaming
17:55 - Speculative Execution
18:55 - vzeroupper and SSE & AVX History
21:22 - Zenbleed Explanation
23:55 - How to fix Zenbleed?
=[ โค๏ธ Support ]=
โ per Video: https://www.patreon.com/join/liveoverflow
โ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
2nd Channel: https://www.youtube.com/LiveUnderflow
=[ ๐ Social ]=
โ Twitter: https://twitter.com/LiveOverflow/
โ Streaming: https://twitch.tvLiveOverflow/
โ TikTok: https://www.tiktok.com/@liveoverflow_
โ Instagram: https://instagram.com/LiveOverflow/
โ Blog: https://liveoverflow.com/
โ Subreddit: https://www.reddit.com/r/LiveOverflow/
โ Facebook: https://www.facebook.com/LiveOverflow/