You are currently offline

Sinkclose vulnerability has recently come to light, affecting AMD's Ryzen and EPYC CPUs which was reportedly present for over a decade

The Sinkclose vulnerability has recently come to light, affecting AMD's Ryzen and EPYC CPUs. This vulnerability, reportedly present in AMD CPUs for over a decade, was highlighted at the Defcon hacker conference by security experts from IOActive. The issue is particularly concerning because it allows attackers to execute malicious code within the CPU's "System Management Mode" (SMM), a critical part of the processor responsible for handling sensitive firmware operations.

AMD Ryzen
AMD Ryzen


To exploit this vulnerability, attackers need deep access to an AMD-based system, often achieved through a malware called a bootkit. This malware operates at a low level, making it undetectable by conventional antivirus software. Once embedded, the bootkit allows the attacker to maintain persistent control over the system, even surviving actions like wiping the hard drive.

Addressing the issue is complicated, as it requires physical intervention using an SPI Flash programmer to reprogram the system's firmware. AMD has acknowledged the vulnerability and has responded by releasing a security bulletin and providing firmware and microcode patches to mitigate the issue across affected CPU generations, including Ryzen 3000 series and above, and 1st Gen EPYC and above server CPUs. However, the Ryzen 3000 Desktop family, based on Zen 2 architecture, still lacks a comprehensive mitigation solution.

For most users, the immediate risk remains low, but AMD's actions suggest that BIOS updates will likely be the primary method for addressing the vulnerability in the broader consumer market. Users are advised to stay updated with the latest firmware releases and monitor any further announcements from AMD.

Share Article:
Editor

Group of selected Authors

Post a Comment (0)
Previous Post Next Post