Breaking News

Some AMD Zen 2 CPUs finally get defenses against Zenbleed security flaw – and it’s about time

Some AMD Zen 2 chips have still not had an important security patch, but this appears to be finally happening, at least for those with MSI motherboards, who are now receiving a firmware update to patch against Zenbleed attacks.

This is a BIOS update which comes with AMD’s AM4 AGESA 1.2.0.Ca that packs mitigations against Zenbleed. The CPUs in question are actually technically Zen 2 APUs – all-in-one chips with integrated graphics – from the Ryzen 4000 family (codenamed Renoir).

So, if you’re running one of those Ryzen 4000 processors in an MSI motherboard with the AM4 (last-gen) chipset, you’ll want to pick up this firmware update.

It’s rolling out as we type, and Tom’s Hardware, which spotted this, observes it’s available for almost every MSI X570 motherboard at this point, and it’s being delivered to B550 along with other 500 and 400 series boards too – but it may take longer to reach those.

The vulnerability patched is CVE-2023-20593 which is rated with a “medium” level of severity, but it can be leveraged to “potentially access sensitive information” on your PC, which wouldn’t be good if it happened, doubtless.


Analysis: A long haul for patching – and it’s still not quite over

The weird thing about this is how long it has taken for certain Zen 2 CPUs to get the necessary protection from this potential exploit. Defenses were implemented in previous AGESA updates from AMD for Ryzen 3000 CPUs, and other Zen 2 chips besides, quite some time ago.

With Ryzen 4000 variants of Zen 2 now being addressed, that covers all bases (except for certain Ryzen embedded chips, which are quite a different kettle of silicon – and even then, the fix for those is supposedly due imminently).

Mind you, even with the new AGESA 1.2.0.Ca released for systems with Ryzen 4000 APUs, not every motherboard vendor has pushed this out in a firmware update yet. Notably Gigabyte is still yet to move on this front, at least going by feedback on Reddit, but the firm should do soon enough, you’d imagine. There’s certainly no reason to delay any further.

You might also like

Go to Source
Author: