• AutoTL;DR@lemmings.worldB
    link
    fedilink
    English
    arrow-up
    27
    arrow-down
    2
    ·
    1 year ago

    This is the best summary I could come up with:


    Last month when the Linux kernel was mitigated for Zenbleed as a CPU vulnerability affecting AMD Zen 2 processors, it turns out the Steam Deck APU was accidentally left without coverage.

    An x86/urgent pull request sent out today for the Linux 6.5 kernel and for back-porting to current stable Linux kernel releases will extend the Zenbleed mitigation to protect Steam Deck gamers.

    Most notable with these fixes is adding models 0x90-0x91 to the range of AMD Zenbleed-affected Zen 2 processors.

    It looks like the Steam Deck’s custom APU was just accidentally left out in the original Zenbleed patch.

    This patch enables the Zenbleed fallback fix until a proper CPU microcode update is available for the Steam Deck.

    Zenbleed (CVE-2023-20593) was disclosed last month after this data leakage vulnerability was discovered by a Google researcher.


    I’m a bot and I’m open source!

  • vividspecter@lemm.ee
    link
    fedilink
    arrow-up
    18
    ·
    1 year ago

    If there is a performance cost for this, hopefully it isn’t too high given the limited resources of the Deck.

    • MDKAOD
      link
      fedilink
      arrow-up
      10
      ·
      edit-2
      1 year ago

      The headroom required for the mitigation is statistically insignificant according to the details page on the cve.

      see the comparison chart.

      • vividspecter@lemm.ee
        link
        fedilink
        arrow-up
        1
        arrow-down
        1
        ·
        1 year ago

        Good to see. That seems to have been the case with most of the AMD vulnerabilities actually. Which stands in stark contrast to the “up to 50%” hit of Intel’s Downfall, and some of the other Intel vulnerabilities.