AMD Zenbleed Vulnerability - BIOS version update needed in Acer Swift 3 models such as SF314-43

Some Acer Swift 3 models such as SF314-43 come with AMD Ryzen 5 (other models using AMD CPUs based on Zen 2 architecture are also affected).

This CPU is affected by Zenbleed Vulnerability which posses security risk to users (possibility of attacker stealing passwords, credit card numbers and other data or credentials) .

Acer - please release new BIOS and update AGESA firmware to version Cezanne PI FP6 1.0.1.0 to fix the following HIGH SEVERITY and MEDIUM SEVERITY issues:

CVE-2023-20563 - High Severity

CVE-2023-20565 - High Severity

CVE-2023-20571 - Medium Severity

CVE-2023-20593 - Medium Severity

please refer to :

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4002.html

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html

[Edited the thread to add model number to the title]

Accepted answers

All comments

Puraw

https://community.acer.com/en/discussion/706739/amd-zenbleed-vulnerability-bios-version-update-needed

Make sure your system is fully up to date with BOIS version 1.08 and Windows11 23H2 version 22631.3672, have all W11 security enabled (picture) with green dots, you don't need to worry about core vulnerabilities, Microsoft provides the best security, I recommend you uninstall 3rd-party anti-virus programs as these clash with the Windows Firewall/Defender, AV programs require proprietary uninstallers that you can download from their websites, Windows uninstaller will not completely of fail uninstalling 3rd-party AV programs.

msander452

https://community.acer.com/en/discussion/comment/1279055#Comment_1279055

It looks like you did not investigate the problem carefully. The last BIOS (v.1.08) does not fix Zenbleed vulnerability of AMD Ryzen™ 5 5500U. The BIOS release notes mention that this BIOS version updates AGESA firmware to PI FP6_1.0.0.C but in order to fix the Zenbleed vulnerability for this particular CPU, AGESA firmware needs to be updated to version Cezanne PI FP6 1.0.1.0.

ACER needs to release new BIOS update for this laptop model Swift 3 SF314-43 and the BIOS update needs to upgrade Cezanne PI FP6 to version 1.0.1.0.

Currently this model is still vulnerable to all High and Medium Severity security issues that I have mentioned in my original post. Anyone who thinks about buying this laptop model should think twice and put his plans on hold until ACER fixes all security problems of this device.

jonna241

Is there any update on this? When will ACER release new bios for swift 3 to fix this issue? Unfortunately I have bought this particular model. From what I can see, all other manufacturers have already released updated BIOS to fix AMD cpu bug… why does it take so long for ACER to fix this???

billsey

You will have to ask Acer, none of us users will have any real insight into when they might release that. As stated above, the Intel updates come in via Windows update, but apparently Microsoft isn't doing that for the AMD updates.

jose23

Seems like this company completely does not care about it's clients. I have bought this model and later found out about the CPU issue , ACER did not release new BIOS fixing the issue and the support team completely ignores any requests, next time I will choose a different brand!

billsey

How are you reaching out to support? Just posting here does not get to any Acer people, since the moderators only monitor for community guideline infractions…

leslaa3

https://community.acer.com/en/discussion/comment/1282656#Comment_1282656

I also tried to get in touch with Acer regarding this issue. I've send them an email but the response was that the Acer they currently don't have any feedback regarding fixing the AMD CPU issues on Swift 3 .. this is a joke! The issue affecting so many of their customers and they don't care about fixing the problem that can only be fixed by releasing new version of bios… lesson learned… no more ACER equipment, there are other companies out there that care about their customers!

Wick-Acer

Hello Everyone,

In case of Vulnerability issue please click the below link

https://community.acer.com/en/kb/articles/13285-report-a-vulnerability

oliv2

https://community.acer.com/en/discussion/comment/1282922#Comment_1282922

I did report this issue to ACER tech support and to my surprise they replied saying basically that "it's too much work to release new BIOS that would fix this critical issue". Seriously do not buy anything from ACER! This company completely does not about their clients once they sell the product!

It is completely unacceptable that ACER sells faulty hardware with no intention to fixing it. I have spoken to a friend who is a lawyer and he confirmed that due to the fact that Acer sells vulnerable hardware and refuses to provide fix (new BIOS, which they admitted in the email that I have received from their tech support) all customers who bought this laptop have the right to return it and receive a the money back as the ACER basically fails to fulfill it's warranty obligations.

Quick Links

Top Members

Weekly

Puraw 265

Jack22 160

RenanVilela 95

Diya1811 90

GAMING6698 75

Swift Series Intel^® Evo™

Game Pass

Acer Corner

Gaming on Chromebook

Swift Series Intel® Evo™

Game Pass

Acer Corner

Gaming on Chromebook

Swift Series Intel^® Evo™