Impact
A use-after-free issue in AMD Zen 2 CPUs may, under specific microarchitectural circumstances, allow an attacker to access sensitive information.
Patches
AMD has released microcode updates for some of the affected CPUs. Talos is shipping version 6.1.41 of the upstream Linux kernel (6.1 is the upstream long-term kernel version Talos ships with). Talos >= v1.4.7 ships with Linux kernel 6.1.41, which provides a software workaround by setting the chicken bit where a firmware microcode fix is not yet available.
Talos extension update for AMD ucode version contains microcode updates for ZenBleed.
Workarounds
All users running Talos with untrusted or shared workloads on affected AMD CPUs must upgrade based on the threat model.
References