AMD finally patches gaping Zenbleed security hole — MSI releases AGESA 1.2.0.Ca BIOS update for Zen 2
AMD's new AGESA firmware update specifically fixes a security vulnerability affecting Zen 2 chips.
MSI has published new BIOS updates featuring AMD's AM4 AGESA 1.2.0.Ca firmware update aimed at Zenbleed attacks. The new firmware targets a vulnerability in AMD's Ryzen 4000 series Zen 2 APUs that "may allow an attacker to potentially access sensitive information."
It appears MSI is rolling out the new BIOS updates as we speak. The new firmware update is available on almost all X570 motherboards, but only a few of MSI's other chipsets and motherboards (including the 400 series) have the new firmware update at the time of writing.
AGESA 1.2.0.Ca specifically addresses Zen 2 vulnerability CVE-2023-20593, which is classified as a medium-level threat by AMD. Specific details on the threat itself were not disclosed, however, AMD does say that this threat can allow an attacker access to sensitive information "under specific microarchitectural circumstances".
Even though AGESA 1.2.0.Ca is targeted direction at Ryzen 4000 "Renior" APUs, the threat exists in all Zen 2 processors. It just happens that AMD already patched this security vulnerability in prior AGESA microcode updates — 1.2.0.C and 1.0.0.B, in Ryzen 3000 processors before it got around to rectifying the issue in the Ryzen 4000 series.
AMD has already patched the security threat for other Ryzen-based CPUs outside of the AM4 platform, including the Ryzen 3000 Threadripper HEDT chips, 7002 EPYC server CPUs, and Ryzen 4000, 5000, and 7020 series mobile CPUs (yes some Ryzen 7000 mobile parts are Zen 2-based). Apparently, the only Zen 2 platform that remains vulnerable is AMD's Ryzen Embedded V2000 CPus which was supposed to get the EmbeddedPi-FP6 1.0.0.9 AGESA firmware update by April.
AMD did not state if this new security update impacts performance. When we tested Zenbleed fixes previously, we found that while gaming was unaffected, other performance could drop as much as 15%.
To re-iterate, this specific vulnerability only affects Zen 2-based chips, so if you have an AM4 chip using a different architecture — like Zen+ or Zen 3, you don't need to update your BIOS.
Stay On the Cutting Edge: Get the Tom's Hardware Newsletter
Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.
Aaron Klotz is a contributing writer for Tom’s Hardware, covering news related to computer hardware such as CPUs, and graphics cards.
-
Makaveli Some people are seeing performance improvements with this bios.Reply
https://www.reddit.com/r/ASUS/comments/1bw1wem/am4_motherboards_got_agesa_120ca_update_including/
I loaded it myself even though i'm on Zen 3 and I do finding windows seems alittle "snappier"
So I would still suggest checking it out if you are not on a Zen 2 processor. -
Makaveli
Asus released this almost a month ago so MSI is late to the party.evdjj3j said:AsRock has started releasing them too.