An urgent pull request was sent out this weekend to extend the Linux 6.5 kernel’s AMD Zenbleed vulnerability mitigation to Valve’s Steam Deck. It turns out that when the kernel was patched last month, mitigations weren’t implemented for Valve’s custom AMD SoC, sometimes known as Aerith, Phoronix first reported.
AMD’s Zen 2 product stack is pretty complicated, so it is hard to be critical of the Linux dev team. Zen 2 cores debuted with the well-known Ryzen 3000 chips, but the Zen 2 architecture can also be found in some Ryzen 4000 and 5000 processors, as well as in EPYC server chips, the Sony PlayStation 5, the Microsoft Xbox Series X/S consoles, and Valve’s Steam Deck.
It has been three weeks since news of the ‘Zenbleed’ vulnerability broke. The threat to AMD Zen 2 processor users seemed to be relatively severe. Zenbleed was shown to open up simple remote attack vectors, via JavaScript embedded in a webpage, for example. After successfully exploiting the Zenbleed vulnerability, an attacker could potentially learn your encryption keys or web logins.
In the notes of the pull request, a developer points out that “the AMD Custom APU 0405 found on Steam Deck was not listed, although it is clearly affected by the vulnerability.” The dev then goes on to request that the Steam Deck’s CPU be added to the Zenbleed list “in order to unconditionally enable the fallback fix until a proper microcode update is available.”
This last point is important to note. AMD hasn’t yet provided official patches for Zenbleed, except for the EPYC 7002 ‘Rome’ processors. Everyone else will have to wait until November / December this year. The chipmaker said that it is not aware of any Zenbleed exploits outside of the research environment. Some assume that microcode updates will be able to fix the Zenbleed vulnerability with little performance penalty, or at least a smaller one than a software patch would incur, but that remains to be seen.
A performance decrease isn’t ideal for a gaming machine, but with access to web browsers from the Steam side and a full desktop on the KDE Plasma desktop side, the Steam Deck is a full-on Linux computer.
It seems like the favorite processor families of PC DIYers have been plagued with newly uncovered bugs recently. In addition to Zenbleed, last week we reported on both (Intel) Downfall and (AMD) Inception.