AMD's Zen 2 chips have a security bug that's getting patched between now and 2024

AMD Ryzen CPU with PGA pin configuration on gradient background
(Image credit: Future)

A security vulnerability has been uncovered in AMD processors built with the Zen 2 architecture. Spotted by a Google researcher, the so-called 'Zenbleed' vulnerability opens the door to a potential attacker and threatens the possibility of exposing sensitive information. Don't worry, there is a fix, but us gamers will have to wait around a little longer than our server-side pals to get hold of it.

Zenbleed affects all Zen 2 processors, which includes Ryzen 3000/4000, Threadripper 3000, Ryzen 4000/5000/7020 mobile, and Epyc Rome generations.

The vulnerability, as described by AMD in a security bulletin, occurs "Under specific microarchitectural circumstances, a register in 'Zen 2' CPUs may not be written to 0 correctly. This may cause data from another process and/or thread to be stored in the YMM register, which may allow an attacker to potentially access sensitive information."

The vulnerability is listed as "Medium" severity by AMD, however, its CVE (CVE-2023-20593) is not currently rated.

The vulnerabilities' discoverer, Tavis Ormandy, goes into greater detail on how the exploit works in their blog post. They believe the reason they discovered the bug, as opposed to AMD in post-silicon validation, is because they don't come from an electrical engineering background, oddly enough. They thank a technique called 'fuzzing' for sniffing the bug out, which is a way of testing out weird and unexpected data on a computer to expose unlikely architectural behaviours.

Ormandy notes that the vulnerability would work on your average machine but also virtual machines, sandboxes, containers, processors, "whatever!"

Clearly that's a big deal for large cloud providers, who take security extremely seriously.

Speaking to Tom's Hardware after they first noted the issue, AMD said it was not aware of any actual exploits outside of a research environment. It's certainly appears unlikely that this vulnerability would pose a threat to your average gamer, and it's more the cloud providers that will be worried about potential attacks than you or I, but this is the sort of vulnerability that is best patched up as soon as possible.

AMD was informed of the vulnerability on May 15, 2023, and since then has been working on mitigations.

Mitigations have already begun rolling out for Zenbleed, starting with the affected Epyc chips. We'll see Threadripper chips patched up around October into December, depending on the model. Laptop Ryzen processors should begin being fixed around November/December this year.

AMD mitigation details for 'Zenbleed'

(Image credit: AMD)

AMD mitigation details for 'Zenbleed'

(Image credit: AMD)

Finally, desktop Ryzen processors will get patched likely around December this year. That's a long time to wait for a patch, but at least this is the sort of mitigation that can be rolled out through microcode and AGESA updates—it wasn't that long ago that hardware mitigations were needed to patch up side-channel attack vulnerabilities on some Intel processors as a result of the Spectre vulnerability, which affected many chips.

Though we haven't yet any idea as to how these patches may affect performance. Mitigations can have an impact, though whether it'll impact gaming isn't known at this time. 

Your next machine

Gaming PC group shot

(Image credit: Future)

Best gaming PC: The top pre-built machines.
Best gaming laptop: Great devices for mobile gaming.

AMD has said to Tom's Hardware: "Any performance impact will vary depending on workload and system configuration."

That's about as vague as it gets on the performance issue, though I wouldn't fret about it just yet. Any performance issues will come out in the wash once the patch drops, and it's possible there's little to no noticeable impact on frame rates

The important thing will be to look out for that new AGESA firmware and get your system secured in case any nefarious ne'er do wells end up trying to take advantage of this exploit. For desktop chips, that's ComboAM4v2PI_1.2.0.C or ComboAM4PI_1.0.0.C.

TOPICS
Jacob Ridley
Managing Editor, Hardware

Jacob earned his first byline writing for his own tech blog. From there, he graduated to professionally breaking things as hardware writer at PCGamesN, and would go on to run the team as hardware editor. He joined PC Gamer's top staff as senior hardware editor before becoming managing editor of the hardware team, and you'll now find him reporting on the latest developments in the technology and gaming industries and testing the newest PC components.

Read more
Pipboy holds up an open padlock.
A BIOS update could be all that's stopping you or someone else from jailbreaking your old AMD CPU
ASRock X870 Steel Legend WiFi motherboard
Reddit reports of 9800X3D CPUs dying in ASRock motherboards are racking up fast, but a new BIOS update seemingly only addresses boot problems
AMD press slide detailing the Ryzen 9 9950X3D processor.
AMD's Ryzen 9 9950X3D and 9900X3D CPUs are rumoured to launch at the end of March at roughly the same time as the RX 9070-series GPUs
A delidded AMD Ryzen 9000 series processor held in a hand, showing the two CCD and one IOD chiplets
One eager beaver PC builder has decided it can't wait any longer and has spilt the beans on AMD's Ryzen 9 9950X3D mega chip, two weeks before all the reviews
Robert Hallock, VP of CCG at Intel, on stage at CES 2025.
Intel unveils second round of updates intended to bring Arrow Lake desktop chips up to expectations: 'our software for the 200S has reached full performance'
Asus ROG Strix Scar 17 gaming laptop
AMD's throwing the considerably hefty Ryzen 9 9950X3D at gaming laptops and calling it a Ryzen 9 9955HX3D
Latest in Processors
A chip being held up in an Intel fab
Intel is reportedly 'working to finalize commitments from Nvidia' as a foundry partner, suggesting gaming potential for the 18A node
AMD Strix Point APU chip, held in a hand, with the reflected light showing the various processing blocks in the chip die
AMD's next-gen 'Gorgon Point' APU outted and seemingly sticks with RDNA 3.5 graphics which is disappointing for handheld gaming PCs if accurate
Nvidia CEO Jensen Huang delivering pancakes and sausages to pre-GTC show hosts and guests, wearing an apron
'There might be a party. I wasn't invited,' says Jensen Huang of the rumoured TSMC proposal to join forces and run Intel's chip fabs
Nvidia Feynman GPU
While we despair of RTX 50-series supplies and wait on next-gen Rubin, Nvidia reveals its next-next GPU architecture will be known as Feynman and is due in 2028
Nvidia Vera CPU
Nvidia reveals Vera, a new CPU with 'custom' cores which could be very exciting for its upcoming premium PC processor
Machinery tools and equipment,Rolls of galvanized steel for production metal pipes and tubes for industrial ventilation systems in factory.
New super-thin '2D' metal sheets could enable ultra-low power chips and can you guess how they're made? Yup, by squishing stuff really hard
Latest in News
A long bendy arm stealing money from people in a subway car
'You're a very long arm. You steal things. It's a comedy game,' explains developer of comedy game where you steal things with a very long arm
The heroes are attacked by monsters
Pillars of Eternity is getting turn-based combat to mark its 10th anniversary, and that means PC Gamer editors will soon be arguing about combat mechanics again
Image of Ronaldo from Fatal Fury: City of the Wolves trailer
It doesn't really make sense that soccer star Ronaldo is now a Fatal Fury character, but if you follow the money you can see how it happened
Junah beginning a battle in Metaphor: ReFantazio.
Today's RPG fans are 'very sensitive to feeling like they wasted time' when they die, says Metaphor: ReFantazio battle planner—but Atlus still made combat hard anyway
Image of Cersei Lanniser from Game of Thrones: Kingsroad Steam early access trailer
A new Game of Thrones RPG is coming to Steam today with a cast of 'familiar faces,' which is good because it's really the only way to tell it's a GoT game at all
The new Prime Asset featured in the upcoming update for the Outlast Trials.
The Outlast Trials puts its already paranoid players under surveillance for a time-limited story event