Google security
Google security researcher Tavis Ormandy has identified a CVE-2023-20593 vulnerability in AMD Zen2 processors. It can be used to track register contents while other processes are running on the same CPU core.
In the exploit, Ormandy shows how a user without privileges can expose data processed in AES-NI or REP-MOVS instructions.
This information can be used to recover encryption keys and passwords of privileged users processed in other processes. Data leakage performance reaches up to 30KB per second.
The attack can be performed from virtual machines and isolated environments.