It feels like we hear about a new security flaw affecting consumer-grade CPUs almost every month. Considering the complexity of modern processors and the systems that rely on them, perhaps this shouldn’t come as a surprise.
However, the latest issue involving AMD processors is especially concerning. The “Sinkclose” vulnerability extends across multiple generations of AMD CPUs, including some that are no longer supported and may never receive a fix.
This flaw allows malicious actors to execute unchecked code in System Management Mode on an AMD Ryzen processor, bypassing the security measures of both Windows and most BIOS and UEFI setups. The flaw was discovered by researchers at IOActive and presented at Defcon.
Once exploited, the vulnerability could enable attackers to install bootkits that evade traditional security tools, including antivirus software and Windows’ native defenses. Alarmingly, the infection could survive even a full operating system reinstall.
Researcher Enrique Nissim detailed the laborious process required to purge the infection from a compromised system’s memory and bluntly concluded, “You basically have to throw your computer away.”
AMD has confirmed that it was informed of the flaw and has already “released mitigation options” for affected Ryzen-based PCs and industrial servers. Updates for embedded AMD hardware, such as gaming console APUs, are expected soon.
The list of products affected by the Sinkclose vulnerability, according to AMD, includes chips as old as the Ryzen 3000 series from 2019, all of which will receive updates to close the security gap.
However, this list contradicts a report provided to Wired, which claims the vulnerability affects processors going as far back as 2006. While many of these older chips are no longer supported and may no longer be in use, the vast number of affected devices means that some are still active, potentially even within critical infrastructure.
The silver lining is that this flaw isn’t easily exploitable, at least based on current knowledge. The researchers are giving AMD time to roll out patches before revealing the full details. For the flaw to be exploited, a program would need kernel-level access to inject malicious code into the pre-OS boot process. Microsoft and its OEM partners are expected to release updates soon to address the vulnerability on supported systems.
Unfortunately, kernel-level vulnerabilities, while complex, are relatively common. They're precisely the type of flaw that state-sponsored hackers and industrial espionage agents seek out, because of their power and their potential to compromise a wide range of systems.