Some AMD Zen 2 chips have still not had an important security patch, but this appears to be finally happening, at least for those with MSI motherboards, who are now receiving a firmware update to patch against Zenbleed attacks.
This is a BIOS update which comes with AMD’s AM4 AGESA 1.2.0.Ca that packs mitigations against Zenbleed. The CPUs in question are actually technically Zen 2 APUs – all-in-one chips with integrated graphics – from the Ryzen 4000 family (codenamed Renoir).
So, if you’re running one of those Ryzen 4000 processors in an MSI motherboard with the AM4 (last-gen) chipset, you’ll want to pick up this firmware update.
It’s rolling out as we type, and Tom’s Hardware, which spotted this, observes it’s available for almost every MSI X570 motherboard at this point, and it’s being delivered to B550 along with other 500 and 400 series boards too – but it may take longer to reach those.
The vulnerability patched is CVE-2023-20593 which is rated with a “medium” level of severity, but it can be leveraged to “potentially access sensitive information” on your PC, which wouldn’t be good if it happened, doubtless.
Analysis: A long haul for patching – and it’s still not quite over
The weird thing about this is how long it has taken for certain Zen 2 CPUs to get the necessary protection from this potential exploit. Defenses were implemented in previous AGESA updates from AMD for Ryzen 3000 CPUs, and other Zen 2 chips besides, quite some time ago.
With Ryzen 4000 variants of Zen 2 now being addressed, that covers all bases (except for certain Ryzen embedded chips, which are quite a different kettle of silicon – and even then, the fix for those is supposedly due imminently).
{ window.reliablePageLoad.then(() => { var componentContainer = document.querySelector(“#slice-container-newsletterForm-articleInbodyContent-iRqoAtyWPK5esXg2iTCDfD”); if (componentContainer) { var data = {“layout”:”inbodyContent”,”header”:”Get daily insight, inspiration and deals in your inbox”,”tagline”:”Get the hottest deals available in your inbox plus news, reviews, opinion, analysis and more from the TechRadar team.”,”formFooterText”:”By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.”,”successMessage”:{“body”:”Thank you for signing up. You will receive a confirmation email shortly.”},”failureMessage”:”There was a problem. Please refresh the page and try again.”,”method”:”POST”,”inputs”:[{“type”:”hidden”,”name”:”NAME”},{“type”:”email”,”name”:”MAIL”,”placeholder”:”Your Email Address”,”required”:true},{“type”:”hidden”,”name”:”NEWSLETTER_CODE”,”value”:”XTR-D”},{“type”:”hidden”,”name”:”LANG”,”value”:”EN”},{“type”:”hidden”,”name”:”SOURCE”,”value”:”60″},{“type”:”hidden”,”name”:”COUNTRY”},{“type”:”checkbox”,”name”:”CONTACT_OTHER_BRANDS”,”label”:{“text”:”Contact me with news and offers from other Future brands”}},{“type”:”checkbox”,”name”:”CONTACT_PARTNERS”,”label”:{“text”:”Receive email from us on behalf of our trusted partners or sponsors”}},{“type”:”submit”,”value”:”Sign me up”,”required”:true}],”endpoint”:”https://newsletter-subscribe.futureplc.com/v2/submission/submit”,”analytics”:[{“analyticsType”:”widgetViewed”}],”ariaLabels”:{}}; var triggerHydrate = function() { window.sliceComponents.newsletterForm.hydrate(data, componentContainer); } if (window.lazyObserveElement) { window.lazyObserveElement(componentContainer, triggerHydrate); } else { triggerHydrate(); } } }).catch(err => console.log(‘Hydration Script has failed for newsletterForm-articleInbodyContent-iRqoAtyWPK5esXg2iTCDfD Slice’, err)); }).catch(err => console.log(‘Externals script failed to load’, err)); ]]>
Get the hottest deals available in your inbox plus news, reviews, opinion, analysis and more from the TechRadar team.
Mind you, even with the new AGESA 1.2.0.Ca released for systems with Ryzen 4000 APUs, not every motherboard vendor has pushed this out in a firmware update yet. Notably Gigabyte is still yet to move on this front, at least going by feedback on Reddit, but the firm should do soon enough, you’d imagine. There’s certainly no reason to delay any further.
