Steam Deck Gets Belated Zenbleed Patch For AMD’s Vulnerability

An urgent pull request was sent out this weekend,to extend the Linux 6.5 kernel’s AMD Zenbleed vulnerability mitigation to Valve’s Steam Deck. It turns out that when the kernel was patched last month, mitigations weren’t implemented for Valve’s custom AMD SoC, sometimes known as Aerith, Phoronix first reported.

AMD’s Zen 2 product stack is pretty complicated, so it is hard to be critical of the Linux dev team. Zen 2 cores debuted with the well-known Ryzen 3000 chips, but the Zen 2 architecture can be also found in some Ryzen 4000 and 5000 processors, as well as Epyc server chips, the Sony PlayStation 5, in the Microsoft Xbox Series X/S consoles, and Valve’s Steam Deck.

It has been three weeks since news of the ‘Zenbleed’ vulnerability broke. The threat to AMD Zen 2 processor users seemed to be relatively severe. Zenbleed was shown to open up simple remote attack vectors, via JavaScript embedded in a webpage, for example. After successfully exploiting the Zenbleed vulnerability, an attacker could potentially learn your encryption keys or web logins.

(Image credit: Valve)

If you care to head on over and look at the notes of the pull request you will see that a developer notes that “the AMD Custom APU 0405 found on Steam Deck was not listed, although it is clearly affected by the vulnerability.” The dev then goes on to request the Steam Deck’s CPU is added to the Zenbleed list “in order to unconditionally enable the fallback fix until a proper microcode update is available.”

Chia sẻ cho bạn bè cùng đọc