One security issue I somehow missed back in July was Zenbleed, an issue with AMD CPUs that's getting patched up in the Linux kernel and now the Steam Deck is getting a kernel fix for it too.
Turns out the original code in the Linux kernel somehow missed the Steam Deck, so now it’s being pulled in urgently to ensure it’s also protected as per the patch:
Commit 522b1d69219d (“x86/cpu/amd: Add a Zenbleed fix”) provided a fix for the Zen2 VZEROUPPER data corruption bug affecting a range of CPU models, but the AMD Custom APU 0405 found on SteamDeck was not listed, although it is clearly affected by the vulnerability.
Add this CPU variant to the Zenbleed erratum list, in order to unconditionally enable the fallback fix until a proper microcode update is available.
I’m sure some people will argue against it as these fixes can come with performance penalties, because the Steam Deck is primarily a gaming device.
But still, it has a full desktop mode it’s not a traditional locked down console, you can install a browser and do basically anything with it - better to be safe than sorry.
If you’re on desktop, as always it’s a good idea to ensure you regularly check for updates to patch up issues like this.
This is the best summary I could come up with:
Turns out the original code in the Linux kernel somehow missed the Steam Deck, so now it’s being pulled in urgently to ensure it’s also protected as per the patch:
Commit 522b1d69219d (“x86/cpu/amd: Add a Zenbleed fix”) provided a fix for the Zen2 VZEROUPPER data corruption bug affecting a range of CPU models, but the AMD Custom APU 0405 found on SteamDeck was not listed, although it is clearly affected by the vulnerability.
Add this CPU variant to the Zenbleed erratum list, in order to unconditionally enable the fallback fix until a proper microcode update is available.
I’m sure some people will argue against it as these fixes can come with performance penalties, because the Steam Deck is primarily a gaming device.
But still, it has a full desktop mode it’s not a traditional locked down console, you can install a browser and do basically anything with it - better to be safe than sorry.
If you’re on desktop, as always it’s a good idea to ensure you regularly check for updates to patch up issues like this.
I’m a bot and I’m open source!