WritingScalewayScalewaypublished Apr 7, 2021seen 5d

Zenbleed incident response and vulnerability mitigation

Open original ↗

Captured source

source ↗
sc
scaleway.com/scaleway.com/en/blog
Zenbleed incident response and vulnerability mitigation
Source ↗
published Apr 7, 2021seen 5dcaptured 3dhttp 200method plain

Zenbleed incident response and vulnerability mitigation Deploy • Daniel Maher • 25/07/23 • 2 min read

On 24 July 2023 at 14:28 UTC, a vulnerability known as Zenbleed was made public on the Openwall security mailing list. This vulnerability affects a number of AMD processors present in some—but not all—of our DEV1, GP1, and VC Instance offers. If exploited, the vulnerability could allow data to leak between instances, potentially exposing sensitive data if timed correctly.

Scaleway engaged our incident response process and by 17:20 UTC all affected machines were patched in order to mitigate the vulnerability.

You can check to see if your instance was patched by verifying the output of lscpu from the command line. If the model name is either of “AMD EPYC 7282" or "AMD EPYC 7402P”, you can expect a slight performance impact as a result of the mitigation. Furthermore, AMD have released an official microcode update for the affected processors and we will be applying that update over the course of the day (25 July 2023).

⚠️ Note that it is not possible to know whether the vulnerability was exploited on a given instance. If your instance was patched, we advise you to engage your incident response process—at a minimum, rotate your secrets and keep an eye on your logs and other observability tooling.

If you have further questions or concerns, feel free to open a support ticket or reach out on our public Slack community .

Recommended articles

Details of the fr-par-1 Load Balancer incident on April 7, 2021 On April 7 at 4:35 pm UTC, Scaleway encountered a major incident in the fr-par-1 Availability Zone that impacted our Load Balancer product. Post Mortem on the incident.

Deploy • Yann Rapaport • 07/06/21 • 13 min read

Tags list. Click to filter. Search by tag Datacenter Search by tag Post Mortem

Behind the scenes of the night our transformer shut down in our data center One night in September, a power transformer shut down in one of our Parisian data centers. Read on to find out what happened during this tense night.

Deploy • Hana Khelifa • 29/11/21 • 3 min read

Tags list. Click to filter. Search by tag Story Search by tag Datacenter Search by tag Post mortem

Eight essentials to make your account's security a priority Security is and will always be a two-way street: it requires effort from both the user and the platform. Learn best practices to secure your account.

Build • Cyril Petel • 12/01/23 • 9 min read

Tags list. Click to filter. Search by tag Security Search by tag Console Search by tag Scaleway Search by tag Best Practices Search by tag Identity Access Management Search by tag IAM