ASUS - ZenTalk

tm4ig · ‎05-02-2024

Two month ago I have bought ASUS Vivobook Pro 15 M6500XV laptop.

Current 306 from june 2023 bios version is vulnerable for CVE-2023-20569 https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7005.html so I have written to asus support and I have asked about new bios version with new amd cpu microcode and AGESA firmware for fix vulnerable.

After my question to asus support on official website https://www.asus.com/laptops/for-creators/vivobook/asus-vivobook-pro-15-oled-m6500/helpdesk_bios?mod... the new bios version 309 from december 2023 has appeared but this bios version does not fix CVE-2023-20569 vulnerable

One month ago bios version 309 from december 2023 for asus M6500XV laptop has disappeared from asus web-site and now only bios 306 june 2023 is available.

So I again have written to asus support and asked:

1) why does bios version 309 was deleted from asus website?

2) when will be new bios version for fix CVE-2023-20569?

But asus support does not answer on my questions, so I ask on this forum:

1) why does bios version 309 was deleted from asus website for M6500XV laptop?

2) when will be new bios version for fix CVE-2023-20569 for M6500XV laptop?

3) why does asus support is very bad?

Falcon_ASUS · ‎05-05-2024

@norti , @tm4ig
Regarding the issues you've reported, I have forwarded them to the technical team for confirmation. If there are any updates, we will promptly inform you. We apologize for any inconvenience caused and appreciate your understanding.

tm4ig · ‎05-08-2024

@norti @Falcon_ASUS

Have you link to bios 309 or file with bios 309?

After downgrade my bios from 309 to 306 version my radeon igpu is unstable

Falcon_ASUS · ‎05-08-2024

@tm4ig
After confirmation, the BIOS 309 has been temporarily taken down due to its potential to cause screen flickering in certain situations. Therefore, we are unable to provide it for your use. We apologize for any inconvenience this may cause.

tm4ig · ‎05-08-2024

@Falcon_ASUS

Bad, very bad... On my system "screen flickering" with bios 306, but not 309.

And, what about CVE-2023-20569 vulnerable?

AMD recommends customers apply either the standalone µcode patch or a BIOS update that incorporates the µcode patch, as applicable, for products based on “Zen 3” and “Zen 4” CPU architectures. AMD has released updated AGESA™ versions to Original Equipment Manufacturers (OEM), Original Design Manufacturers (ODM) and motherboard manufacturers (MB) on the August-September 2023.

OS updates do not fix vulnerable completely. For AMD Ryzen 7040 Series Mobile Processors with Radeon Graphics needed AGESA Firmware PhoenixPI-FP8-FP7_1.0.0.2a from 2023-08-23 .

AMD recommend refer OEM, ODM, or MB for a BIOS update specific product.

ASUS had 8 months for prepare new bios for laptop model M6500XV (model 2023) for fix CVE-2023-20569 vulnerable and 12 months for prepare new bios for fix stability.

For comparison my old Dell laptop 2016 still receives security and stability bios updates every few months.

Falcon_ASUS · ‎05-09-2024

@tm4ig
In your previous message, you mentioned using a Linux system. I need to remind you that we haven't tested Linux systems, so we can't guarantee their stability and compatibility. Regarding the CVE-2023-20569 vulnerability you mentioned, the relevant team is currently handling it. I will promptly update you if there are any developments. Sorry for any inconvenience it may be caused.

ASUS - ZenTalk

M6500XV laptop bios and very bad asus support