SinkClose vulnerability threatens millions of computers with AMD processors – AMD

The vulnerability, dubbed “Sink Close,” allows malicious users to install programs “deep” in a computer’s memory, making them extremely difficult to detect and remove.

Researchers Enrique Nissim and Krzysztof Okopski presented their findings in Defcon Conferenceexplaining how SinkClose allows code to run in the processor’s system management mode, a privileged level normally reserved only for a specific, protected part of the firmware.

Although exploiting the vulnerability does require significant access to the system, the consequences can be devastating. An attacker can install a “bootkit,” a malicious program that bypasses antivirus software and remains invisible to the operating system. In some cases, the infection can persist even after the operating system is reinstalled.

Okopski emphasizes the seriousness of the situation, saying: “Imagine government-level hackers who want to maintain access to your system. Even if you completely wipe your hard drive clean, the malware will still be there, and it is almost impossible to detect and remove.”

The only effective way to remove the malware requires physically opening up the computer and using special equipment to program the memory chips. Naseem sums up the worst-case scenario in one simple sentence: “Basically, you have to throw your computer away.”

AMD acknowledged the issue and thanked the researchers for their work. The company said it has already released fixes for EPYC and Ryzen processors, with fixes for other products to follow soon. However, no details were provided regarding timing and how the vulnerability would be addressed for all affected devices.

AMD has announced all processors affected by the SinkClose software, here. With the statement he made in Tom Hardware“There are some legacy products that fall outside of our software support time horizon,” the company said. AMD has no plans to upgrade the Ryzen 1000, 2000, and 3000 series processors or the Threadripper 1000 and 2000 models.

However, most of AMD’s recent processors have already received various patches for the issue. This includes all generations of AMD’s EPYC processors for data centers and the latest Threadripper and Ryzen processors. The MI300A data center chips have also received the patch. The company said “no performance impact is expected” when asked about the implications of the update. So it’s likely that the company is still running performance tests to fully assess the patch’s effects on overall system performance.