The “SinkClose” flaw has been present since at least 2006 and affects nearly all AMD chips.
Security researchers have discovered a long-standing vulnerability in AMD processors, which has been around for decades, according to Wired. This flaw is particularly interesting because it’s found in the chip’s firmware, allowing malware to infiltrate a computer’s memory deeply.
Security experts at IOActive identified the vulnerability, called the “Sinkclose” flaw. It could enable hackers to run their code in the most privileged part of an AMD processor, System Management Mode.
This is usually a highly protected area of the firmware. The researchers also revealed that this flaw has been present since at least 2006 and affects nearly all AMD chips.
Here’s the silver lining: Even though this flaw could be severe, it’s unlikely to affect everyday users.
Hackers need deep access to an AMD-based PC or server to exploit this vulnerability fully. That’s too much effort for an average home computer, so most people don’t need to worry.
However, it could be a more significant issue for companies or large organizations. AMD has released security updates to fix the SinkClose vulnerability in its newer and more powerful processors, like the EPYC data centre processors and the latest Ryzen models. However, some older but still widely used chips, such as the Ryzen 3000, 2000, and 1000 series, won’t get these patches.
Here’s what you need to know:
Vulnerable Processors:
EPYC 1st to 4th generations
EPYC Embedded 3000, 7002, 7003, and 9003, R1000, R2000, 5000, and 7000
Ryzen Embedded V1000, V2000, and V3000
Ryzen 3000, 5000, 4000, 7000, and 8000 series
Ryzen Mobile 3000, 5000, 4000, and 7000 series
Ryzen Threadripper 3000 and 7000 series
AMD Threadripper PRO
AMD Athlon 3000 Mobile
AMD Instinct MI300A
What You Can Do: If your system uses one of the newer CPUs, ensure your BIOS is updated with the latest AMD patches to protect it.
Always keep your system safe by staying up to date with system updates, using strong passwords, and enabling two-factor authentication (2FA). If you can prevent attackers from getting into your system, they won’t be able to exploit the SinkClose vulnerability.
If you have an older processor, it’s terrible news that AMD is not offering fixes. I know this is outrageous! Hopefully, If enough people ask for fixes, the company might release patches for those older chips.
If you have any concerns about your system, please call 01246 956 520 or email contactus@pine-it.co.uk We will happily guide you and do our best to keep you secure! #itsupport #AMD #itnews #SinkClose
