AMD’s ‘SinkClose’ Flaw Affects Almost Every AMD CPU in Existence – Patches Are Being Released
- Security researchers Enrique Nissim and Krzysztof Okupski from IOActive have discovered a vulnerability called SinkClose that has been hiding in AMD processors since 2006.
- It allows threat actors to infiltrate a system and embed malware that's impossible to remove - even reinstalling the operating system won't work.
- AMD has already started releasing patches, but its older processors that fall outside the software support window won't receive any patches.
Looks like it isn't just Intel that's facing processor issues - a major vulnerability has been discovered in AMD processors, too. This issue has been affecting all models released by AMD since 2006.
It's worth noting that Ryzen and EPYC series processors are included in this as well, which means millions of devices can be exposed to a SinkClose attack.
The vulnerability was identified by security researchers Enrique Nissim and Krzysztof Okupski from IOActive. They shared details about it at the Defcon conference.
Nicknamed SinkClose (officially tracked as CVE-2023-31315), this vulnerability allows hackers to deeply infiltrate a system, making it much harder to remove or even detect malicious software.
In fact, according to a report by Wired, the issue is believed to be so severe that in some cases it would be better to abandon the machine altogether than to try and repair it.
How Does It Work?
The vulnerability allows hackers to target the System Management Mode (SMM) of the AMD processor, which is a high-privilege area used for low-level system management functions.
To get started, the hacker will need to gain access to the system's kernel. This isn't easy, but certainly doable if the system has been previously compromised by some other attack.
Once the perpetrator has access, they can install bootkit malware, which is a special type of malware that antivirus tools can't detect. It can live in the system for years on end by staying invisible - even reinstalling the operating system won't get rid of it.
"The vulnerability is nearly impossible to fix in computers that aren't configured correctly, which is the case for most systems. In properly configured systems, the vulnerability could lead to malware infections - known as bootkits - that are nearly impossible to detect." - an IOActive statement
The only way to remove the malware is to open your computer, connect to a specific part of its memory using an SPI Flash programmer, scan the memory to find the malware, and then remove it.
What Happens Now?
AMD is aware of the vulnerability and has released software updates for several of its processor families, such as its EPYC processors, the latest Threadripper, some Ryzen processors, and its MI300A data center chips.
Reassuringly, the company says the patches will have no impact on the processors' performance. However, we'll only know for sure once some performance tests are run.
Here's a list of all the AMD processors that have already received a patch or are soon expected to:
| Data Center | Embedded | Desktop | HEDT | Workstation | Mobile |
| --- | --- | --- | --- | --- | --- |
| 1st Gen AMD EPYC (Naples) | AMD EPYC Embedded 3000 | AMD Ryzen 5000 Series (Vermeer/Cezanne) | AMD Ryzen Threadripper 3000 Series (Castle Peak) | AMD Ryzen Threadripper PRO (Castle Peak) | AMD Athlon 3000 Series with Radeon Graphics (Dali/Pollock) |
| 2nd Gen AMD EPYC (Rome) | AMD EPYC Embedded 7002 | AMD Ryzen 7000 Series (Raphael) X3D | AMD Ryzen Threadripper 7000 Series (Storm Peak) | AMD Ryzen Threadripper PRO 3000WX (Chagall) | AMD Ryzen 3000 Series with Radeon Graphics (Picasso) |
| 3rd Gen AMD EPYC (Milan/Milan-X) | AMD EPYC Embedded 7003 | AMD Ryzen 4000 Series with Radeon Graphics (Renoir) | | | AMD Ryzen 4000 Series with Radeon Graphics (Renoir) |
| 4th Gen AMD EPYC (Genoa/Genoa-X/Bergamo/Siena) | AMD EPYC Embedded 9003 | AMD Ryzen 8000 Series with Radeon Graphics (Phoenix) | | | AMD Ryzen 5000 Series with Radeon Graphics (Cezanne/Barcelo) |
| AMD Instinct MI300A | AMD Ryzen Embedded R1000 | | | | AMD Ryzen 6000 Series with Radeon Graphics (Rembrandt) |
| | AMD Ryzen Embedded R2000 | | | | AMD Ryzen 7020 Series with Radeon Graphics (Mendocino) |
| | AMD Ryzen Embedded 5000 | | | | AMD Ryzen 7030 Series with Radeon Graphics (Barcelo-R) |
| | AMD Ryzen Embedded 7000 | | | | AMD Ryzen 7035 Series with Radeon Graphics (Rembrandt-R) |
| | AMD Ryzen Embedded V1000 | | | | AMD Ryzen 7040 Series with Radeon Graphics (Phoenix) |
| | AMD Ryzen Embedded V2000 | | | | AMD Ryzen 7045 Series (Dragon Range) |
| | AMD Ryzen Embedded V3000 | | | | AMD Ryzen with Radeon Graphics (Hawk Point) |
Also, note that there might be other processors as well that are not listed on AMD's advisory, but that may be facing the same issue. They, too, won't receive any support from the company.
The only silver lining here is that, since the vulnerability went undiscovered for so many years, it probably hasn't been exploited yet.
Plus, exploiting the vulnerability requires an in-depth understanding of the targeted architecture, which further reduces the chances of an attack. However, if a hacker is skilled enough and manages to figure out the process, the attack won't be too difficult to execute because exploiting this vulnerability does not require direct access to the system.
The post AMD's 'SinkClose' Flaw Affects Almost Every AMD CPU in Existence - Patches Are Being Released appeared first on The Tech Report.