AMD has discovered numerous important safety vulnerabilities affecting BIOS chips on Zen-based totally systems. These vulnerabilities impact a variety of CPUs, spanning from the authentic Zen chips to the ultra-modern Zen four processors. Unfortunately, no longer all affected chips have get admission to a BIOS replace to deal with the issue.
The vulnerabilities compromise the safety of the SPI interface, which connects to the flash chip storing the BIOS. They have an effect on different generations of Zen CPUs, even though not all processors are prone to all 4 insects.
To address these vulnerabilities, AMD is rolling out patches through new versions of AGESA, the bottom code for motherboard BIOSes. However, now not all motherboard carriers have released updates with the patched AGESA.
Despite being distinct, all four vulnerabilities middle around the SPI interface connecting the CPU to the motherboard chip storing the gadget firmware. Exploiting those vulnerabilities could permit hackers to carry out denial of service assaults, improve privileges, and even execute arbitrary code. Arbitrary code execution poses a specifically regarding danger, because it involves tricking a pc into strolling any code, which could potentially result in diverse malicious actions.
However, it's essential to be aware that any assault might require nearby access to the affected device, meaning that exploiting the vulnerability could require a specially vigilant attacker.
Addressing those vulnerabilities entails updating the AGESA, that is a critical part of the BIOS for AMD CPUs. AMD has already released new AGESA versions for maximum of its processors. For Zen 2-primarily based chips, many of those new AGESAs also cope with Zenbleed, a vulnerability disclosed last yr. However, protecting against Zenbleed requires version 1.2.Zero.C of AGESA, further to the contemporary model.
The cutting-edge AGESA variations also defend Epyc CPUs, and Threadripper received its AGESA replace in January. Notably, Threadripper 7000 isn't noted inside the disclosure, suggesting that AMD may additionally have addressed the vulnerabilities earlier than delivery its today's HEDT CPUs with an improper AGESA. Only of AMD's embedded CPUs are but to acquire a secure AGESA, that is predicted to arrive in April.
zen bleed affected cpus
amd zen 2
amd zen bleed
amd zen bleed reddit
ryzen zen 2 cpu list
amd zen bleed fix
amd zenbleed patch
ryzen zenbleed