A recently discovered security flaw, known as “Sinkclose,” has been found in hundreds of millions of AMD processors dating back to 2006, as reported by Toms Hardware. This vulnerability allows hackers to infiltrate systems virtually undetected, making it a significant concern for users worldwide.
Wired points out that the Sinkclose flaw enables attackers to run malicious code in the chips’ normally protected System Management Mode, allowing for deep and virtually undetectable infections. While this vulnerability is considered more of a risk for governments and large entities, it could have disastrous consequences if exploited on a large scale.
Researchers at IOActive estimate that hundreds of millions of AMD chips are vulnerable to this flaw, spanning from the Ryzen 1000, 2000, and 3000 series to the Threadripper 1000 and 2000 series. Unfortunately, AMD has stated that they will not provide patches for these older processor series, as they are outside the company’s software support window.
As Engadget reports, newer AMD processors, including all generations of EPYC processors and the latest Threadripper and Ryzen processors, have either already received or will receive mitigation options to address the Sinkclose flaw. AMD has assured users that there is no expected performance impact from these updates.
The severity of the Sinkclose flaw cannot be overstated, as it allows hackers to gain deep access to systems and potentially cause significant damage. Users with older, unsupported processors or those who do not update their systems are at a heightened risk of being exploited by malicious actors.
Krzysztof Okupski, a researcher from the security firm IOActive warns about the issue. “Imagine nation-state hackers or whoever wants to persist on your system. Even if you wipe your drive clean, it’s still going to be there,” says Okupski. “It’s going to be nearly undetectable and nearly unpatchable.”
Security experts recommend that users with affected processors take immediate action to minimize the risk of exploitation. This includes updating to newer, patched processors or implementing additional security measures to prevent attacks.
As AMD works to release patches for affected processors, the exact timeline for addressing the issue remains unclear. Users are advised to stay informed about AMD’s progress and take necessary precautions to ensure their systems remain secure in the face of this severe vulnerability.
Affected Processors
AMD has confirmed that several of its older processor series will not receive patches for the Sinkclose vulnerability. The Ryzen 1000, 2000, and 3000 series, as well as the Threadripper 1000 and 2000 series, are among those that will remain unprotected. AMD cites that these products are outside their software support window, leaving users of these chips at risk.
However, newer AMD processors, including all generations of EPYC processors and the latest Threadripper and Ryzen processors, have either already received or will soon receive mitigation options to address the Sinkclose flaw. AMD has stated that there is “No performance impact expected” when asked about the update.
It is crucial for users to check if their AMD processors are affected and take appropriate action. If you own an unsupported processor series, it may be time to consider upgrading to a newer, patched model to ensure the security of your system. Stay informed about AMD’s progress in releasing patches and follow their guidance to keep your data and devices safe from potential exploits.
Image credit: AMD
