Impact
Some AMD CPUs may allow an attacker to influence the return address prediction. This issue may result in speculative execution at an attacker-controlled instruction pointer register, potentially leading to information disclosure.
Patches
Microcode updates are not yet available as of 10th August 2023 (Some have been merged to linux-fimrware, but it's unclear if it covers the whole set of affected CPUs). Talos would be shipping 6.1.44 version of the upstream Linux kernel (6.1 is the upstream Kernel long term version Talos ships with). Talos >= v1.4.8 is shipped with Linux Kernel 6.1.44 providing a software workaround for RAS until microcode fix is available.
Talos extension update for AMD ucode version contains microcode updates for ZenBleed as published in GHSA-4ffv-x7jf-cv68
Workarounds
All users running Talos with untrusted or shared workloads on affected AMD CPU's must upgrade based on the threat model.
References
Impact
Some AMD CPUs may allow an attacker to influence the return address prediction. This issue may result in speculative execution at an attacker-controlled instruction pointer register, potentially leading to information disclosure.
Patches
Microcode updates are not yet available as of 10th August 2023 (Some have been merged to linux-fimrware, but it's unclear if it covers the whole set of affected CPUs). Talos would be shipping 6.1.44 version of the upstream Linux kernel (6.1 is the upstream Kernel long term version Talos ships with). Talos >= v1.4.8 is shipped with Linux Kernel 6.1.44 providing a software workaround for RAS until microcode fix is available.
Talos extension update for AMD ucode version contains microcode updates for ZenBleed as published in GHSA-4ffv-x7jf-cv68
Workarounds
All users running Talos with untrusted or shared workloads on affected AMD CPU's must upgrade based on the threat model.
References