What you need to know
- The 'Zenbleed' bug hits AMD's Zen 2 line-up specifically.
- The bug can leak user data in some cases.
- No fix is coming until Q4 of this year.
Yesterday a researcher with Google Information Security named Tavis Ormandy made a post on his blog about a not previously identified vulnerability that he found to be plaguing AMD's Zen 2 processors. This is a pretty big vulnerability that includes all of the Zen 2 line-up. That means Ryzen 2000/3000//4000/5000/7020 are all hit as well as EPYC "Rome" data center processors.
AMD explained in straightforward terms how this process actually works:
Tavis Ormandy notes that he alerted AMD of this 'Zenbleed' vulnerability on May 15, 2023 and that AMD has already released a microcode update for the affected processors. BIOS or Operating System vendors may already have an update available that includes this microcode update. It's worth noting that there's also a possibility that this will incur a performance cost.
The fix is mainly for AMD's EPYC "Rome" processors which only just rolled out. Ryzen 2000/3000//4000/5000/7020 consumers are unfortunately going to have to wait a lot longer, with fixes scheduled to arrive by November/December at the earliest. Tavis does provide a software workaround for those unable to apply the microcode update.
Get the Windows Central Newsletter
All the latest news, reviews, and guides for Windows and Xbox diehards.
Dan is a tech contributor on Windows Central. A long time Xbox gamer and former partner on Microsoft's retired streaming platform Mixer, he can often be found crying into a cup of tea whilst thinking about Windows Phone. You can follow Dan on Twitter where you will find him talking about tech, Formula 1 and his latest victories in Battle Royale games.