AMD Processors Security Leak
AMD Processors Face „Unfixable“ Security Flaw
Sinkclose“ vulnerability affects hundreds of millions of AMD chips
A critical security flaw has been discovered in AMD processors, affecting models dating back to 2006. Dubbed „Sinkclose,“ this vulnerability has the potential to compromise the security of hundreds of millions of AMD CPUs by allowing hackers to execute malicious code in the chip’s highly privileged System Management Mode (SMM). This flaw could enable the creation of deeply embedded malware capable of surviving operating system reinstalls.
The „Sinkclose“ vulnerability was uncovered in October 2023 by security researchers Enrique Nissim and Krzysztof Okupski. The vulnerability is particularly alarming because it affects the process level of PCs and servers, granting attackers the ability to hide malicious software from both the operating system and applications. A sinkhole attack exploiting this flaw would require kernel-level access, making it exceptionally challenging but not impossible to execute.
In response to the discovery, AMD has acknowledged the issue and is currently working on a firmware update to address the vulnerability. According to AMD’s Security Bulletin, the fix is expected to be released in October 2024. However, not all processors will receive this update; notably, the Ryzen 3000 series will not be patched.
While AMD has reassured users that gaining the necessary kernel-level access to exploit this vulnerability is difficult, the existence of previous attacks exploiting similar vulnerabilities has raised concerns within the cybersecurity community. Both Wired and Bleeping Computer have reported on the issue, highlighting the potential risks associated with this flaw.
As AMD works towards a solution, the revelation of the „Sinkclose“ vulnerability underscores the ongoing challenges in securing hardware against increasingly sophisticated threats.