AMD finally patches gaping Zenbleed security hole — MSI releases AGESA 1.2.0.Ca BIOS update for Zen 2

MSI has published new BIOS updates featuring AMD’s AM4 AGESA 1.2.0.Ca firmware update aimed at Zenbleed attacks. The new firmware targets a vulnerability in AMD’s Ryzen 4000 series Zen 2 APUs that “may allow an attacker to potentially access sensitive information.”

It appears MSI is rolling out the new BIOS updates as we speak. The new firmware update is available on almost all X570 motherboards, but only a few of MSI’s other chipsets and motherboards (including the 400 series) have the new firmware update at the time of writing.

AGESA 1.2.0.Ca specifically addresses Zen 2 vulnerability CVE-2023-20593, which is classified as a medium-level threat by AMD. Specific details on the threat itself were not disclosed; however, AMD does say that this threat can allow an attacker access to sensitive information “under specific microarchitectural circumstances”.

Even though AGESA 1.2.0.Ca is targeted directly at Ryzen 4000 “Renoir” APUs, the threat exists in all Zen 2 processors. It just happens that AMD already patched this security vulnerability in Ryzen 3000 processors with prior AGESA microcode updates (1.2.0.C and 1.0.0.B) before it got around to rectifying the issue in the Ryzen 4000 series.

AMD has already patched the security threat for other Ryzen-based CPUs outside of the AM4 platform, including the Ryzen 3000 Threadripper HEDT chips, 7002 EPYC server CPUs, and Ryzen 4000, 5000, and 7020 series mobile CPUs (yes, some Ryzen 7000 mobile parts are Zen 2-based). Apparently, the only Zen 2 platform that remains vulnerable is AMD’s Ryzen Embedded V2000 CPUs, which were supposed to get the EmbeddedPi-FP6 AGESA firmware update by April.

AMD did not state if this new security update impacts performance. When we tested Zenbleed fixes previously, we found that while gaming was unaffected, other performance could drop by as much as 15%.

To reiterate, this specific vulnerability only affects Zen 2-based chips, so if you have an AM4 chip using a different architecture, like Zen+ or Zen 3, you don’t need to update your BIOS.