MSI has rolled out a new AGESA 1.2.0.Ca BIOS for its AM4 motherboards which addresses a security flaw on AMD Zen 2 CPUs.
MSI's Latest BIOS Update Addresses AMD Zen 2 CPU Security Flaw, AGESA 1.2.0.Ca For AM4 Motherboards
It's been a while since AMD's AM4 motherboards received a major BIOS update but it looks like the new one had to be rolled out since Zen 2 CPUs had been affected by a cross-process information leak issue. MSI is quick to address this and has rolled out its AGESA 1.2.0.Ca BIOS update which can be acquired here.
MSI releases new AM4 AGESA https://t.co/fqfpMb4P2K BIOS to fix CPU security issue.https://t.co/l0UKJmpxvNhttps://t.co/aEKj6bcDSS pic.twitter.com/bDlbDAI23G
— chi11eddog (@g01d3nm4ng0) May 2, 2024
Summary
Under specific microarchitectural circumstances, a register in “Zen 2” CPUs may not be written to 0 correctly. This may cause data from another process and/or thread to be stored in the YMM register, which may allow an attacker to potentially access sensitive information.
CVE Details
| CVE | Severity | CVE Description |
| CVE-2023-20593 | Medium | An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. |
Mitigation
AMD recommends applying the µcode patch listed below for AMD EPYC 7002 Processors and applying BIOS updates that include the following AGESA firmware versions for other affected products. AMD plans to release to the Original Equipment Manufacturers (OEM) the AGESA versions on the target dates listed below. Please refer to your OEM for the BIOS update specific to your product.
DESKTOP
| Mitigation details Update to versions listed or higher |
AMD Ryzen 3000 Series Desktop Processors (Formerly codenamed) “Matisse” |
AMD Ryzen 4000 Series Desktop Processors with Radeon™ Graphics (Formerly codenamed) “Renoir” AM4 |
| AGESA firmware | ComboAM4v2PI 1.2.0.C (2024-02-07)ComboAM4PI 1.0.0.B (2024-03-20) |
ComboAM4v2PI 1.2.0.Ca (2024-03-14) |
HIGH END DESKTOP (HEDT)
| Mitigation details Update to versions listed or higher |
AMD Ryzen Threadripper 3000 Series Processors (Formerly codenamed) “Castle Peak” HEDT |
| AMD AGESA firmware | CastlePeakPI-SP3r3 1.0.0.A (2023-11-21) |
WORKSTATION
| Mitigation details Update to versions listed or higher |
AMD Ryzen Threadripper PRO 3000WX Series Processors (Formerly codenamed) “Castle Peak” WS SP3 |
| AGESA firmware | CastlePeakWSPI-sWRX8 1.0.0.C (2023-11-29)ChagallWSPI-sWRX8 1.0.0.7 (2024-01-11) |
About the author: A Software Engineer by training and a PC enthusiast by passion, Hassan Mujtaba serves as Wccftech's Senior Editor for hardware section. With years of experience in the industry, he specializes in deep-dive technical analysis of next-generation CPU and GPU architectures, motherboards, and cooling solutions. His work involves not only breaking news on upcoming technologies but also extensive hands-on reviews and benchmarking.
Follow Wccftech on Google to get more of our news coverage in your feeds.
