speed47 / spectre-meltdown-checker

Reptar, Downfall, Zenbleed, ZombieLoad, RIDL, Fallout, Foreshadow, Spectre, Meltdown vulnerability/mitigation checker for Linux & BSD

Zenbleed - Debian 10 false reports? #464

Open ErminMerdanovic opened 1 year ago

ErminMerdanovic commented 1 year ago

Hello everyone, I apologize for posting this as an issue, but I'm unsure if I've done something wrong or if the script is not reporting correctly. I have a Zen2 CPU, which means I am affected by the new CVE-2023-20593. To address this, I installed the latest version of 'amd64-microcode' for Debian 10 (amd64-microcode_3.20230719.1~deb10u1), which is supposed to mitigate the new CVE, as mentioned in their changelog here: https://metadata.ftp-master.debian.org/changelogs/non-free-firmware/a/amd64-microcode/amd64-microcode_3.20230719.1_changelog.

However, after rebooting the server and running the script, it still reports that my system is vulnerable. I'm wondering if there's an issue with the script not recognizing this microcode or if I might be missing something in the installation process. Any help or insights would be greatly appreciated. Thank you!

speed47 commented 1 year ago

Hello,

The script is most probably correct: AMD hasn't released all the microcodes yet; some will only be available in December.

If the tool reports a more recent microcode version for your CPU, and you don't seem to have it, this FAQ entry should answer your questions: https://github.com/speed47/spectre-meltdown-checker/blob/master/FAQ.md#the-tool-says-there-is-an-updated-microcode-for-my-cpu-but-i-dont-have-it

However, as far as Zenbleed is concerned, an up-to-date kernel is able to mitigate the issue even without a microcode update, so you should still end up having the vulnerability reported as mitigated by the script, as long as your kernel is recent enough.

taggart commented 11 months ago

Shortly after this issue was opened, AMD released more updates that included a few more CPUs. This went into Debian unstable version 3.20230808.1.1 (changelog) but that version has not yet been provided for any of the stable releases.

@ErminMerdanovic maybe check the lscpu output for your CPU family and model (and convert them to hex) and see if your CPU got an update.

Also, as @speed47 said, you should get kernel mitigation, and, checking the security tracker, I see that buster-security has version 4.19.289-2 with the fix.
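The check taggart suggests (family and model in hex, so they can be compared against the microcode package changelog) is easy to get wrong by hand, because `/proc/cpuinfo` and `lscpu` print them in decimal and `/proc/cpuinfo` has both a `model` and a `model name` line. The script below is an added example, not part of this thread or of spectre-meltdown-checker itself: it reads the first processor block of a cpuinfo-style file and prints family, model and stepping in hex together with the loaded microcode revision. The sample cpuinfo it carries is constructed for illustration; the values are not from any real host, and the script does not decide whether a given revision contains the Zenbleed fix (that still has to be read off the vendor or distro changelog).

```shell
#!/bin/sh
# Added example (not from the issue thread or the checker project): report the
# CPU family/model/stepping in hex plus the microcode revision, as a helper for
# comparing a host against a microcode package changelog.

# cpu_ids FILE: parse the first "processor" block of a /proc/cpuinfo-style file
# and print "family=0x.. model=0x.. stepping=0x.. microcode=..." on one line.
cpu_ids() {
    awk -F':' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        # Stop at the second "processor" line so only one CPU is reported.
        /^processor[ \t]*:/ { if (seen++) exit }
        $1 ~ /^cpu family[ \t]*$/ { fam = trim($2) }
        $1 ~ /^model[ \t]*$/      { mod = trim($2) }   # excludes "model name"
        $1 ~ /^stepping[ \t]*$/   { step = trim($2) }
        $1 ~ /^microcode[ \t]*$/  { ucode = trim($2) }
        END {
            printf "family=0x%x model=0x%x stepping=0x%x microcode=%s\n",
                   fam, mod, step, ucode
        }
    ' "$1"
}

# sample_cpuinfo: constructed two-core cpuinfo in the kernel's format.
# The numbers are illustrative only and do not describe a real machine.
sample_cpuinfo() {
    cat <<'EOF'
processor	: 0
vendor_id	: AuthenticAMD
cpu family	: 23
model		: 49
model name	: Example AMD Processor (constructed sample)
stepping	: 0
microcode	: 0x8301052
processor	: 1
vendor_id	: AuthenticAMD
cpu family	: 23
model		: 49
model name	: Example AMD Processor (constructed sample)
stepping	: 0
microcode	: 0x8301052
EOF
}

# Write the constructed sample to a temp file so cpu_ids can parse it.
SAMPLE=$(mktemp)
sample_cpuinfo > "$SAMPLE"

# On a real Linux host, report the live CPU first; then the sample.
if [ -r /proc/cpuinfo ]; then
    printf 'host:   '; cpu_ids /proc/cpuinfo
fi
printf 'sample: '; cpu_ids "$SAMPLE"
```

Run it as `sh cpuids.sh`; on the constructed sample it prints `family=0x17 model=0x31 stepping=0x0 microcode=0x8301052`, i.e. family 17h, model 31h, which is the form the amd64-microcode changelog entries use. The `seen++` guard matters on multi-socket or mixed-stepping hosts: without it the last processor block would silently win.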