AMD Zenbleed Vulnerability - BIOS version update needed in Acer Swift 3 models such as SF314-43

msander452
msander452 Member Posts: 17 Troubleshooter
edited June 15 in Swift and Spin Series

Some Acer Swift 3 models such as SF314-43 come with AMD Ryzen 5 (other models using AMD CPUs based on Zen 2 architecture are also affected).

This CPU is affected by the Zenbleed vulnerability, which poses a security risk to users (possibility of an attacker stealing passwords, credit card numbers and other data or credentials).

Acer - please release new BIOS and update AGESA firmware to version Cezanne PI FP6 1.0.1.0 to fix the following HIGH SEVERITY and MEDIUM SEVERITY issues:


CVE-2023-20563 - High Severity

CVE-2023-20565 - High Severity

CVE-2023-20571 - Medium Severity

CVE-2023-20593 - Medium Severity

Please refer to:

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4002.html

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html

[Edited the thread to add model number to the title]

Answers

  • Puraw
    Puraw ACE, Member Posts: 13,165 Trailblazer

    Make sure your system is fully up to date with BIOS version 1.08 and Windows 11 23H2 version 22631.3672, and have all W11 security enabled (picture) with green dots. You don't need to worry about core vulnerabilities; Microsoft provides the best security. I recommend you uninstall 3rd-party anti-virus programs, as these clash with the Windows Firewall/Defender. AV programs require proprietary uninstallers that you can download from their websites; the Windows uninstaller will not completely uninstall, or will fail to uninstall, 3rd-party AV programs.

  • msander452
    msander452 Member Posts: 17 Troubleshooter

    It looks like you did not investigate the problem carefully. The last BIOS (v.1.08) does not fix the Zenbleed vulnerability of the AMD Ryzen™ 5 5500U. The BIOS release notes mention that this BIOS version updates AGESA firmware to PI FP6_1.0.0.C, but in order to fix the Zenbleed vulnerability for this particular CPU, AGESA firmware needs to be updated to version Cezanne PI FP6 1.0.1.0.

    ACER needs to release a new BIOS update for this laptop model, Swift 3 SF314-43, and the BIOS update needs to upgrade Cezanne PI FP6 to version 1.0.1.0.

    Currently this model is still vulnerable to all High and Medium Severity security issues that I have mentioned in my original post. Anyone who thinks about buying this laptop model should think twice and put his plans on hold until ACER fixes all security problems of this device.

  • jonna241
    jonna241 Member Posts: 4 New User

    Is there any update on this? When will ACER release a new BIOS for the Swift 3 to fix this issue? Unfortunately I have bought this particular model. From what I can see, all other manufacturers have already released updated BIOS to fix the AMD CPU bug… why does it take so long for ACER to fix this???

  • billsey
    billsey ACE Posts: 34,101 Trailblazer

    You will have to ask Acer; none of us users will have any real insight into when they might release that. As stated above, the Intel updates come in via Windows Update, but apparently Microsoft isn't doing that for the AMD updates.

    Click on "Like" if you find my answer useful or click on "Yes" if it answers your question.
  • jose23
    jose23 Member Posts: 6 Tinkerer

    Seems like this company completely does not care about its clients. I have bought this model and later found out about the CPU issue. ACER did not release a new BIOS fixing the issue and the support team completely ignores any requests. Next time I will choose a different brand!

  • billsey
    billsey ACE Posts: 34,101 Trailblazer

    How are you reaching out to support? Just posting here does not get to any Acer people, since the moderators only monitor for community guideline infractions…

  • leslaa3
    leslaa3 Member Posts: 2 New User

    I also tried to get in touch with Acer regarding this issue. I've sent them an email but the response was that they currently don't have any feedback regarding fixing the AMD CPU issues on Swift 3... this is a joke! The issue is affecting so many of their customers and they don't care about fixing the problem that can only be fixed by releasing a new version of the BIOS… lesson learned… no more ACER equipment, there are other companies out there that care about their customers!

  • Wick-Acer
    Wick-Acer Moderator Posts: 10 Moderator

    Hello Everyone,

    In case of a vulnerability issue, please click the link below:

    https://community.acer.com/en/kb/articles/13285-report-a-vulnerability

  • oliv2
    oliv2 Member Posts: 7 Tinkerer

    I did report this issue to ACER tech support and to my surprise they replied saying basically that "it's too much work to release new BIOS that would fix this critical issue". Seriously, do not buy anything from ACER! This company completely does not care about their clients once they sell the product!

    It is completely unacceptable that ACER sells faulty hardware with no intention of fixing it. I have spoken to a friend who is a lawyer and he confirmed that due to the fact that Acer sells vulnerable hardware and refuses to provide a fix (new BIOS, which they admitted in the email that I have received from their tech support), all customers who bought this laptop have the right to return it and receive the money back, as ACER basically fails to fulfill its warranty obligations.