It was discovered that under specific microarchitectural circumstances, a register in "Zen 2" CPUs might not be written to 0 correctly, potentially causing data from another process and/or thread to be stored in the YMM register (CVE-2023-20593, also known as Zenbleed).

This vulnerability could result in the exposure of sensitive data. 

Updated microcode packages that mitigate this flaw are now available for Amd Epyc gen 2 CPUs. Other Zen 2-based CPUs will get their microcode update later when AMD has fixed and validated the microcodes. Given that this bug poses a severe threat to the confidentiality of sensitive information, it is crucial that all impacted users apply the updates issued by Debian, Debian LTS, Fedora, Mageia, Oracle, Slackware, SUSE and Ubuntu now to prevent potential compromise of their critical data.

To stay on top of essential updates released by the open-source programs and applications you use, register as a LinuxSecurity user, subscribe to our Linux Advisory Watch newsletter, and customize your advisories for your distro(s). This will enable you to stay up-to-date on the latest, most significant issues impacting the security of your systems.

Follow @LS_Advisories on Twitter for real-time updates on advisories for your distro(s).