Description of problem:
After the last validated update: microcode-0.20240813-1.mga9, my AMD Ryzen 7 4800H processor is still vulnerable as shown in terminal:

journalctl -xb | grep microcode
sep 10 20:39:29 localhost kernel: Zenbleed: please update your microcode for the most optimal fix
sep 10 20:39:29 localhost kernel: microcode: CPU2: patch_level=0x08600103
sep 10 20:39:29 localhost kernel: microcode: CPU1: patch_level=0x08600103
sep 10 20:39:29 localhost kernel: microcode: CPU3: patch_level=0x08600103
sep 10 20:39:29 localhost kernel: microcode: CPU6: patch_level=0x08600103
sep 10 20:39:29 localhost kernel: microcode: CPU0: patch_level=0x08600103
sep 10 20:39:29 localhost kernel: microcode: CPU7: patch_level=0x08600103
sep 10 20:39:29 localhost kernel: microcode: CPU15: patch_level=0x08600103
sep 10 20:39:29 localhost kernel: microcode: CPU14: patch_level=0x08600103
sep 10 20:39:29 localhost kernel: microcode: CPU4: patch_level=0x08600103
sep 10 20:39:29 localhost kernel: microcode: CPU5: patch_level=0x08600103
sep 10 20:39:29 localhost kernel: microcode: CPU9: patch_level=0x08600103
sep 10 20:39:29 localhost kernel: microcode: CPU8: patch_level=0x08600103
sep 10 20:39:29 localhost kernel: microcode: CPU11: patch_level=0x08600103
sep 10 20:39:29 localhost kernel: microcode: CPU10: patch_level=0x08600103
sep 10 20:39:29 localhost kernel: microcode: CPU13: patch_level=0x08600103
sep 10 20:39:29 localhost kernel: microcode: CPU12: patch_level=0x08600103
sep 10 20:39:29 localhost kernel: microcode: Microcode Update Driver: v2.2.

As far as I have been able to check, in github there is a more current version of microcode: ver0B40401C_2024-07-15.

Check this link to verify this information and update microcode to the latest version for our AMD users in Mageia.
Yes, I see the same problem with AMD Ryzen 7 5700U.
CC: (none) => tarazed25
Thank you for spotting this and reporting. I set this to last packager. Previous was tmb. - Nicolas, if you cannot do this now, please re-assign to all packagers. I set this to security. - If wrong please adjust.
QA Contact: (none) => security
Component: RPM Packages => Security
Assignee: bugsquad => nicolas.salguero
CC: (none) => fri
(In reply to Jose Manuel López from comment #0)
> As far as I have been able to check, in github there is a more current
> version of microcode: ver0B40401C_2024-07-15.
>
> Check this link to verify this information and update microcode to the
> latest version for our AMD users in Mageia.

Hi,

As far as I can see, AMD microcodes are only available in https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git, contrary to Intel ones, that are provided in a github repository.

Best regards,
Nico.
Is this link any use? It says "Public". https://github.com/platomav/CPUMicrocodes/tree/master/AMD
The message "Zenbleed: please update your microcode for the most optimal fix" does not mean your machine is vulnerable, it means that the bug is being mitigated in software, which is less efficient than mitigating it in the microcode.

In AMD's announcement of CVE-2023-20593: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html they said it would only be mitigated by a microcode update for the EPYC server-class CPUs. For other classes of CPU it would be mitigated by a firmware (BIOS) update from your machine/motherboard vendor. I can't find anything to say the situation has changed.
CC: (none) => mageia
Hi,

I checked from where some other distributions get their microcode updates. I found that we work exactly as the others do.

For Intel, the source is: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/
For AMD, the source is: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git (mainly the directories "amd" and "amd-ucode").

Nobody is using https://github.com/platomav/CPUMicrocodes/. Moreover, the README states that:
"""
It is generally advised to request and/or wait for your OEM/OS to release newer fixes. Latest is not always better or tested. Manufacturers and OS mainteners usually have some insider/confidential info from microcode vendors on what got changed/fixed at newer microcode releases so if they ship older microcodes, it could be that newer versions have not been thoroughly tested, have been retracted/downgraded by the microcode vendor or not contain anything important enough to warrant an update. The microcodes here are gathered and provided with the sole purpose of helping people who are out of other viable solutions. Thus, they can be extremely helpful to those who have major problems with their systems for which their manufacturer refuses to assist due to indifference and/or system age.
"""

For all those reasons, I consider that bug as invalid.

Best regards,
Nico.
Resolution: (none) => INVALID
Status: NEW => RESOLVED
(In reply to Nicolas Salguero from comment #6)
> For all those reasons, I consider that bug as invalid.

I agree, so maybe instead patch our kernel to agree with us and not say "please update your microcode" ?
CC: (none) => kernel
(In reply to Morgan Leijström from comment #7)
> I agree, so maybe instead patch our kernel to agree with us and not say
> "please update your microcode" ?

That message does tell you if your BIOS contains the fixed microcode, so it has some value. For example, after updating the BIOS on my desktop machine, that message has gone, but after updating the BIOS on my laptop it is still present.
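
Added example, not part of the original thread or of any Mageia tooling: a small shell function that condenses the kernel log lines discussed above into one status line, so the check can be repeated after a BIOS or microcode package update. The function names `microcode_report` and `sample_log` and the output labels are made up for this example; the sample log is constructed from the lines quoted in comment #0.

```shell
#!/bin/sh
# Summarise AMD microcode lines from kernel log text read on stdin.
# Output: patch_levels=<list> cpus=<n> consistent=<yes|no|unknown> zenbleed=<state>
# "software-fallback" means the kernel printed the Zenbleed hint, i.e. the
# mitigation is done in software rather than by the loaded microcode.
microcode_report() {
    awk '
        /Zenbleed: please update your microcode/ { fallback = 1 }
        /microcode: CPU[0-9]+: patch_level=/ {
            # Take the text after the last "patch_level=" and trim anything
            # that is not part of the hex value.
            n = split($0, parts, "patch_level=")
            level = parts[n]
            sub(/[^0-9a-fA-Fx].*$/, "", level)
            cpus++
            if (!(level in seen)) { seen[level] = 1; order[++kinds] = level }
        }
        END {
            list = "none"
            for (i = 1; i <= kinds; i++)
                list = (i == 1 ? "" : list ",") order[i]
            same = "unknown"
            if (cpus > 0) same = (kinds == 1 ? "yes" : "no")
            printf "patch_levels=%s cpus=%d consistent=%s zenbleed=%s\n",
                list, cpus, same,
                (fallback ? "software-fallback" : "no-fallback-message")
        }
    '
}

# Constructed sample: three of the lines quoted in comment #0.
sample_log() {
    cat <<EOF
sep 10 20:39:29 localhost kernel: Zenbleed: please update your microcode for the most optimal fix
sep 10 20:39:29 localhost kernel: microcode: CPU2: patch_level=0x08600103
sep 10 20:39:29 localhost kernel: microcode: CPU1: patch_level=0x08600103
EOF
}

# On a real system: journalctl -k -b | microcode_report
sample_log | microcode_report
```

A `consistent=no` result means different cores reported different patch levels, which is worth investigating before drawing any conclusion from the Zenbleed line.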