AMD 'Zenbleed' Bug Leaks Data From Zen 2 Ryzen, EPYC CPUs: Most Patches Coming Q4 (Updated)

4 min read Original article ↗
Ryzen die
(Image credit: Fritchenz Fritz)

Update 7/24/23 5:40pm PT: Added a statement from Google and also a full list of all impacted processors and the expected dates for patches for each model.

Update 7/24/23 1:30pm PT:

AMD has responded with key details and published a security advisory with the expected dates for new firmwares, many of which don't arrive until the end of the year. We have added that information to the original article below. 

Original Article Published 7/24/23 8:45am PT:

This works because the register file is shared by everything on the same physical core. In fact, two hyperthreads even share the same physical register file," says Ormandy.

Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.

Swipe to scroll horizontally

ProcessorAgesa FirmwareAvailability to OEMsMicrocode
2nd-Gen AMD EPYC Rome ProcessorsRomePI 1.0.0.HNow0x0830107A
Ryzen 3000 Series “Matisse”ComboAM4v2PI_1.2.0.C | ComboAM4PI_1.0.0.C Target Dec 2023 for both?
Ryzen 4000 Series "Renoir" AM4ComboAM4v2PI_1.2.0.C Target Dec 2023?
Threadripper 3000-Series "Caslle Peak"CastlePeakPI-SP3r3 1.0.0.ATarget Oct 2023?
Threadripper PRO 3000WX-Series "Castle Peak"CastlePeakWSPI-sWRX8 1.0.0.C | ChagallWSPI-sWRX8 1.0.0.7Target Nov 2023 | Target Dec 2023?
Ryzen 5000 Series Mobile "Lucienne"CezannePI-FP6_1.0.1.0Target Dec 2023?
Ryzen 4000 Series Mobile "Renoir"RenoirPI-FP6_1.0.0.DTarget Nov 2023?
Ryzen 7020 Series "Mendocino"MendocinoPI-FT6_1.0.0.6Target Dec 2023?

Below, we have a more detailed list with the model number of each impacted chip and the expected data for the new AGESA to arrive. AMD's AGESA is a code foundation upon which the OEMs build BIOS revisions. You will need to update to a BIOS with the above-listed AGESA code, or newer, to patch your system.

“We are aware of the AMD hardware security vulnerability described in CVE-2023-20593, which was discovered by Tavis Ormandy, a Security Researcher at Google, and we have worked with AMD and industry partners closely. We have worked to address the vulnerability across Google platforms.” - Google spokesperson to Tom's Hardware.Ormandy says he reported the issue to AMD on May 15, 2023. Ormandy also credits his colleagues; "I couldn’t have found it without help from my colleagues, in particular Eduardo Vela Nava and Alexandra Sandulescu. I also had help analyzing the bug from Josh Eads."

Swipe to scroll horizontally

Desktop CPUNew Agesa Firmware VersionPatch Due
Ryzen 3 3100ComboAM4v2PI_1.2.0.C | ComboAM4PI_1.0.0.CDec 2023
Ryzen 3 3300XComboAM4v2PI_1.2.0.C | ComboAM4PI_1.0.0.CDec 2023
Ryzen 3 4100ComboAM4v2PI_1.2.0.CNov 2023
Ryzen 3 4300GComboAM4v2PI_1.2.0.CDec 2023
Ryzen 3 4300GEComboAM4v2PI_1.2.0.CDec 2023
Ryzen 4700SComboAM4v2PI_1.2.0.CNov 2023
Ryzen 5 3500ComboAM4v2PI_1.2.0.C | ComboAM4PI_1.0.0.CDec 2023
Ryzen 5 3500XComboAM4v2PI_1.2.0.C | ComboAM4PI_1.0.0.CDec 2023
Ryzen 5 3600ComboAM4v2PI_1.2.0.C | ComboAM4PI_1.0.0.CDec 2023
Ryzen 5 3600XComboAM4v2PI_1.2.0.C | ComboAM4PI_1.0.0.CDec 2023
Ryzen 5 3600XTComboAM4v2PI_1.2.0.C | ComboAM4PI_1.0.0.CDec 2023
Ryzen 5 4500ComboAM4v2PI_1.2.0.CNov 2023
Ryzen 5 4600GComboAM4v2PI_1.2.0.CDec 2023
Ryzen 5 4600GEComboAM4v2PI_1.2.0.CDec 2023
Ryzen 7 3700XComboAM4v2PI_1.2.0.C | ComboAM4PI_1.0.0.CDec 2023
Ryzen 7 3800XComboAM4v2PI_1.2.0.C | ComboAM4PI_1.0.0.CDec 2023
Ryzen 7 3800XTComboAM4v2PI_1.2.0.C | ComboAM4PI_1.0.0.CDec 2023
Ryzen 7 4700GComboAM4v2PI_1.2.0.CDec 2023
Ryzen 7 4700GEComboAM4v2PI_1.2.0.CDec 2023
Ryzen 9 3900ComboAM4v2PI_1.2.0.C | ComboAM4PI_1.0.0.CDec 2023
Ryzen 9 3900XComboAM4v2PI_1.2.0.C | ComboAM4PI_1.0.0.CDec 2023
Ryzen 9 3900XTComboAM4v2PI_1.2.0.C | ComboAM4PI_1.0.0.CDec 2023
Ryzen 9 3950XComboAM4v2PI_1.2.0.C | ComboAM4PI_1.0.0.CDec 2023
Ryzen Threadripper 3960XCastlePeakWSPI-sWRX8 1.0.0.C | ChagallWSPI-sWRX8 1.0.0.9Nov 2023 / Dec 2023
Ryzen Threadripper 3970XCastlePeakWSPI-sWRX8 1.0.0.C | ChagallWSPI-sWRX8 1.0.0.8Nov 2023 / Dec 2023
Ryzen Threadripper 3990XCastlePeakWSPI-sWRX8 1.0.0.C | ChagallWSPI-sWRX8 1.0.0.7Nov 2023 / Dec 2023
Ryzen Threadripper Pro 3945WXCastlePeakWSPI-sWRX8 1.0.0.C | ChagallWSPI-sWRX8 1.0.0.13Nov 2023 / Dec 2023
Ryzen Threadripper Pro 3955WXCastlePeakWSPI-sWRX8 1.0.0.C | ChagallWSPI-sWRX8 1.0.0.12Nov 2023 / Dec 2023
Ryzen Threadripper Pro 3975WXCastlePeakWSPI-sWRX8 1.0.0.C | ChagallWSPI-sWRX8 1.0.0.10Nov 2023 / Dec 2023
Ryzen Threadripper Pro 3995WXCastlePeakWSPI-sWRX8 1.0.0.C | ChagallWSPI-sWRX8 1.0.0.11Nov 2023 / Dec 2023

Swipe to scroll horizontally

Mobile CPUNew Agesa Firmware VersionPatch Due
Ryzen 3 4300URenoirPI-FP6_1.0.0.DNov 2023
Ryzen 3 5300UCezannePI-FP6_1.0.1.0Dec 2023
Ryzen 3 7320UMendocinoPI-FT6_1.0.0.6Dec 2023
Ryzen 5 4500URenoirPI-FP6_1.0.0.DNov 2023
Ryzen 5 4600HRenoirPI-FP6_1.0.0.DNov 2023
Ryzen 5 4600HSRenoirPI-FP6_1.0.0.DNov 2023
Ryzen 5 4600URenoirPI-FP6_1.0.0.DNov 2023
Ryzen 5 4680URenoirPI-FP6_1.0.0.DNov 2023
Ryzen 5 5500UCezannePI-FP6_1.0.1.0Dec 2023
Ryzen 5 7520UMendocinoPI-FT6_1.0.0.6Dec 2023
Ryzen 7 4700URenoirPI-FP6_1.0.0.DNov 2023
Ryzen 7 4800URenoirPI-FP6_1.0.0.DNov 2023
Ryzen 7 4980URenoirPI-FP6_1.0.0.DNov 2023
Ryzen 7 5700UCezannePI-FP6_1.0.1.0Dec 2023
Ryzen 9 4900HRenoirPI-FP6_1.0.0.DNov 2023
Ryzen 9 4800HRenoirPI-FP6_1.0.0.DNov 2023
Ryzen 9 4800HSRenoirPI-FP6_1.0.0.DNov 2023
Ryzen 9 4900HSRenoirPI-FP6_1.0.0.DNov 2023

Swipe to scroll horizontally

Server CPUNew Agesa Firmware VersionPatch Available
EPYC 7232PRomePI 1.0.0.HNow
EPYC 7252RomePI 1.0.0.HNow
EPYC 7262RomePI 1.0.0.HNow
EPYC 7272RomePI 1.0.0.HNow
EPYC 7282RomePI 1.0.0.HNow
EPYC 7302RomePI 1.0.0.HNow
EPYC 7302PRomePI 1.0.0.HNow
EPYC 7352RomePI 1.0.0.HNow
EPYC 7402RomePI 1.0.0.HNow
EPYC 7402PRomePI 1.0.0.HNow
EPYC 7452RomePI 1.0.0.HNow
EPYC 7502RomePI 1.0.0.HNow
EPYC 7502PRomePI 1.0.0.HNow
EPYC 7532RomePI 1.0.0.HNow
EPYC 7542RomePI 1.0.0.HNow
EPYC 7552RomePI 1.0.0.HNow
EPYC 7642RomePI 1.0.0.HNow
EPYC 7662RomePI 1.0.0.HNow
EPYC 7702RomePI 1.0.0.HNow
EPYC 7702PRomePI 1.0.0.HNow
EPYC 7742RomePI 1.0.0.HNow
EPYC 7F32RomePI 1.0.0.HNow
EPYC 7F52RomePI 1.0.0.HNow
EPYC 7F72RomePI 1.0.0.HNow
EPYC 7H12RomePI 1.0.0.HNow

Paul Alcorn is the Editor-in-Chief for Tom's Hardware US. He also writes news and reviews on CPUs, storage, and enterprise hardware.