Serious vulnerability 'Sinkclose' discovered in many AMD CPUs, AMD distributes patch but it does not apply to some older models
Cybersecurity company IOActive announced the existence of a critical security vulnerability called '
DEF CON Official Talk | AMD Sinkclose: Universal Ring-2 Privilege Escalation | Las Vegas, NV – IOActive
https://ioactive.com/event/def-con-talk-amd-sinkclose-universal-ring-2-privilege-escalation/
SMM LOCK BYPASS
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html
AMD won't patch all chips affected by severe data theft vulnerability — older Ryzen models will not get patched for 'Sinkclose' [Updated] | Tom's Hardware
AMD addresses Sinkclose vulnerability but older processors left unattended | CSO Online
https://www.csoonline.com/article/3485621/amd-addresses-sinkclose-vulnerability-but-older-processors-left-unattended.html
Researchers discover potentially catastrophic exploit present in AMD chips for decades
https://www.engadget.com/cybersecurity/researchers-discover-potentially-catastrophic-exploit-present-in-amd-chips-for-decades-161541359.html
The vulnerability, 'Sinkclose,' discovered by IOActive allows malicious code to be executed in System Management Mode (SMM), a region used for processing operations necessary for system stability, such as power management, hardware control, and security.
According to IOActive, Sinkclose exploits AMD's CPU compatibility maintenance feature 'TClose' to deceive the processor and enable code execution at the SMM level. Since exploiting the vulnerability requires access to the kernel level, attackers who exploit Sinkclose essentially target PCs that have previously been subject to another cyber attack. AMD speculates that 'it would be difficult to actually exploit, as it would be like accessing a safe deposit box in a bank where alarms, security guards, safe doors, and other security measures have already been eliminated,' but IOActive security researcher Enrique Nishim warned, 'Vulnerabilities that allow access to the kernel level exist in all systems. Therefore, Sinkclose is not an armchair theory, but is actually available to attackers.'
PCs attacked by Sinkclose may have malware installed that is extremely difficult to detect with normal antivirus software. In addition, in systems that do not properly implement AMD's Platform Secure Boot (PSB) hardware defense layer, it has been pointed out that the malware infection may not be removed even by reinstalling the OS.
Sinkclose may affect most AMD chips manufactured since 2006, potentially putting hundreds of millions of chips at risk. AMD has applied patches to some of its CPUs to mitigate the vulnerability. Below is a table showing which models are covered by the patches.
| category | Affected CPUs |
|---|---|
| For Data Centers | 1st Gen AMD EPYC |
| For embedded PCs | AMD EPYC Embedded 3000 |
| For Desktop | AMD Ryzen 5000 Series |
| For high-end desktops | AMD Ryzen Threadripper 3000 Series |
| For Workstations | AMD Ryzen Threadripper PRO |
| For Notebook PCs | AMD Athlon 3000 Series with Radeon Graphics |
On the other hand, patches have not been distributed to relatively old models such as the Ryzen 1000, 2000, and 3000 series, and the Threadripper 1000 and 2000 series. AMD has positioned these products as 'out of software support' and are not eligible for security updates. Arjun Chauhan, a senior analyst at market research firm Everest Group, criticized, 'The fact that AMD has now excluded older processors from the scope of patch application may undermine customer trust. There are still many companies using chips that are out of software support, and they are more likely to introduce competitor products that offer longer support lifecycles.'
Related Posts:
