Technology is a fascinating and stressful world at the same time, and for the same reason: there is always a security compromise, and most of them are introduced unintentionally as a side effect of new advances, development methods, and so on.
Unfortunately, AMD is not immune to that, and this one brings a sense of déjà vu after the Intel Spectre and Meltdown saga that plagued computing and the industry in the past decade.
Tavis Ormandy of Google Information Security published a discovery that computer systems built on some Ryzen processors, mainly the Ryzen 5 3600 (popular for budget gaming builds), have a security hole that can be exploited to steal sensitive data such as passwords and encryption keys.
Filed under CVE-2023-20593, with its severity listed as “currently analyzing”, it impacts most of the Zen 2 family: the AMD Ryzen 3000 / 4000 / 5000 / 7020 series, the Ryzen Pro 3000 / 4000 series, and AMD’s EPYC “Rome” data center processors.
Reportedly, the Zenbleed exploit doesn’t require physical access to a user’s computer to attack their system, and can even be executed remotely through JavaScript on a webpage. If successfully executed, the exploit allows data to be transferred at a rate of 30 kb per core, per second. That’s fast enough to steal sensitive data from any software running on the system, including virtual machines, sandboxes, containers, and processes.
All this brings back memories of Spectre and Meltdown from the late 2010s: Spectre works with data architecturally accessible to an application, while Meltdown relies on transient out-of-order instructions following an exception.
Fortunately for AMD and the computing community using Ryzen processors, the hole can be patched in software without the technicalities that Intel went through with Spectre and Meltdown. Neither of those issues could be patched directly in software, so they had to resort to adding additional instructions to keep both from manifesting, which unfortunately has a noticeable performance cost (though that is better than nothing, all the more so when the failure is in the physical hardware implementation).
AMD has already released a microcode patch for second-generation Epyc 7002 processors, though the next updates for the remaining CPU lines aren’t expected until October 2023 at the earliest. The company hasn’t disclosed whether these updates will impact system performance, but some observers and experts expect a performance impact, as was the case with Intel.