Friday, May 3rd 2024
AMD Patches Zenbleed Vulnerability with AGESA 1.2.0.Ca Update
AMD classified the Zenbleed vulnerability, CVE-2023-20593, as a medium-level threat about a year ago. AMD has acknowledged that it could potentially allow an attacker to access sensitive information under certain microarchitectural circumstances. Today, MSI has released new BIOS updates featuring AMD's AM4 AGESA 1.2.0.Ca firmware update. This update addresses the Zenbleed vulnerability affecting AMD's Ryzen 4000 series Zen 2 APUs. MSI is proactively rolling out the new BIOS updates across its range of compatible motherboards. The updates are currently available for almost all X570 motherboards, with support for other chipsets and 400 series motherboards expected to follow soon.
The AGESA 1.2.0.Ca firmware update specifically targets the Zenbleed vulnerability in the Zen 2 microarchitecture. Although the vulnerability primarily affects Ryzen 4000 "Renoir" APUs, it also exists in other Zen 2 processors, including the Ryzen 3000 series and certain EPYC and Threadripper CPUs. AMD has already addressed the Zenbleed vulnerability in previous AGESA microcode updates for Ryzen 3000 processors and other platforms, such as EPYC server CPUs and Ryzen mobile CPUs. However, the Ryzen Embedded V2000 CPUs are still awaiting the EmbeddedPi-FP6 1.0.0.9 AGESA firmware update, which is expected to be released by April. While AMD has not explicitly stated whether the security update will impact performance, previous testing of Zenbleed fixes has shown potential performance drops of up to 15% in certain workloads, although gaming performance remained relatively unaffected. Users with AM4 chips based on architectures other than Zen 2, such as Zen+ or Zen 3, do not need to update their BIOS as they are not affected by this specific vulnerability.
Source:
Tom's Hardware
The AGESA 1.2.0.Ca firmware update specifically targets the Zenbleed vulnerability in the Zen 2 microarchitecture. Although the vulnerability primarily affects Ryzen 4000 "Renoir" APUs, it also exists in other Zen 2 processors, including the Ryzen 3000 series and certain EPYC and Threadripper CPUs. AMD has already addressed the Zenbleed vulnerability in previous AGESA microcode updates for Ryzen 3000 processors and other platforms, such as EPYC server CPUs and Ryzen mobile CPUs. However, the Ryzen Embedded V2000 CPUs are still awaiting the EmbeddedPi-FP6 1.0.0.9 AGESA firmware update, which is expected to be released by April. While AMD has not explicitly stated whether the security update will impact performance, previous testing of Zenbleed fixes has shown potential performance drops of up to 15% in certain workloads, although gaming performance remained relatively unaffected. Users with AM4 chips based on architectures other than Zen 2, such as Zen+ or Zen 3, do not need to update their BIOS as they are not affected by this specific vulnerability.
30 Comments on AMD Patches Zenbleed Vulnerability with AGESA 1.2.0.Ca Update
Anyone willing to test and share their findings.
So technically you are not affected by this and should not lose any performance.
www.techpowerup.com/forums/threads/5800x3d-safe-from-zen-bleed.312055/
Some people reported similar on reddit.
ASUS/comments/1bw1wem
multiple times it got stuck on powering up/reboot and i had to use (case) reboot to get it to post.
so far it seems to within range when it comes to perf, but still saw numbers being a little lower than prior test runs
with a "dirty" os, only tested CB adn 3DMark tho.
I have an ASUS ROG Strix B550-I that still does not have the latest AGESA on the ASUS support website.
I have experienced that symptom when OC'ing CPU core(s) and forgot to enable CPU LLC, but that was with my Core 2 Duo E4500. But when I was in Windows, stability tests would pass.
stable running pbo (170/120/140) on 5950x plus 2.2 GHz on the gpu,
but now suddenly cant handle everything on stock (incl jedec for ram)?
doubt that, if the only change is a bios update.
but nothing im worried about, as im finished with clean install, and will go AMP soon.
kind of surprised, as i used msi for almost all of my friends/customer ryzen builds,
and having gone thru multiple bios releases, never had any issues,
except one beta.
gonna leave it for now, but technically speaking i wont need it,
so just might go back to v18..
thats the (old) "latest" for those not affected, 1.2.C is the security fix for pre 5000 series,
unless you're using d-sub (included fix), no need to install C on yours.
Imagine sacrificing 15% of your CPU power because of some remote, highly conditional vulnerability that you don't even care about on your gaming PC.
These patches need to be optional (as in, optional when updating)! Preferably in BIOS settings.
Also, are these patches another way of achieving the ability to claim "Our Zen5 CPUs are 80% more powerful than Zen2" or the like? Not nice they are basically nerfing the old platforms. At least the update is optional.
except that +80% of gamers are gpu limited, hence it wont matter.
and if your system needs 15% more cpu to be able to run a game,
its probably a good idea to "upgrade" anyway..
@R-T-B
except for those in 3rd world countries that might not have heard much about the patched part,
and bought some "hacking" package to make some money.
sure this isnt something here, but if its something affecting me, i wont rely on the chance.
you except they would start with the top and go downwards,
or maybe they go by volume sold, as in covering more units.
definitely something up if used on 5000 series, event log full of critical issues,
only starting after 1.2.c was installed, and none since i downgraded back to 1.2.b.