An urgent pull request was recently sent out to extend the Linux 6.5 kernel’s vulnerability mitigation to Valve’s Steam Deck. When the kernel was patched last month, it was discovered that mitigations were not implemented for Valve’s custom AMD SoC, sometimes referred to as Aerith. AMD’s Zen 2 architecture can be found in various products, including Ryzen processors, Epyc server chips, Sony PlayStation 5, Microsoft Xbox Series X/S consoles, and Valve’s Steam Deck.

News of the ‘Zenbleed’ vulnerability broke three weeks ago, posing a potential threat to AMD Zen 2 processor users. Zenbleed could be exploited through simple remote attack vectors, such as JavaScript embedded in a webpage, potentially compromising encryption keys and web logins.

The pull request for the Linux kernel includes a developer’s note acknowledging that the AMD Custom APU 0405 found on Steam Deck was not listed, despite being affected by the vulnerability. The developer requests the addition of the Steam Deck’s CPU to the Zenbleed list to enable the fallback fix until a proper microcode update is available.

As of now, AMD has not released official patches for Zenbleed, except for the EPYC 7002 ‘Rome’ processors. The patches for other products are expected to be released between November and December this year. It is worth noting that AMD is not aware of any Zenbleed exploits outside of research environments. The efficacy of microcode updates in fixing the vulnerability with minimal performance penalties remains to be seen.

Despite the potential performance effects, the Steam Deck, being a full-on Linux computer, offers a complete gaming experience with web browsing capabilities. The gaming industry has recently been plagued with newly uncovered bugs, as seen with Zenbleed, as well as the Intel Downfall and AMD Inception vulnerabilities.