Security News New AMD SinkClose flaw helps install nearly undetectable malware

[Gandalf_The_Grey]

Content source

https://www.bleepingcomputer.com/news/security/new-amd-sinkclose-flaw-helps-install-nearly-undetectable-malware/

AMD is warning about a high-severity CPU vulnerability named SinkClose that impacts multiple generations of its EPYC, Ryzen, and Threadripper processors. The vulnerability allows attackers with Kernel-level (Ring 0) privileges to gain Ring -2 privileges and install malware that becomes nearly undetectable.

Ring -2 is one of the highest privilege levels on a computer, running above Ring -1 (used for hypervisors and CPU virtualization) and Ring 0, which is the privilege level used by an operating system's Kernel.

The Ring -2 privilege level is associated with modern CPUs' System Management Mode (SMM) feature. SMM handles power management, hardware control, security, and other low-level operations required for system stability.

Due to its high privilege level, SMM is isolated from the operating system to prevent it from being targeted easily by threat actors and malware.

According to AMD's advisory, the following models are affected:

• EPYC 1st, 2nd, 3rd, and 4th generations
• EPYC Embedded 3000, 7002, 7003, and 9003, R1000, R2000, 5000, and 7000
• Ryzen Embedded V1000, V2000, and V3000
• Ryzen 3000, 5000, 4000, 7000, and 8000 series
• Ryzen 3000 Mobile, 5000 Mobile, 4000 Mobile, and 7000 Mobile series
• Ryzen Threadripper 3000 and 7000 series
• AMD Threadripper PRO (Castle Peak WS SP3, Chagall WS)
• AMD Athlon 3000 series Mobile (Dali, Pollock)
• AMD Instinct MI300A

AMD stated in its advisory that it has already released mitigations for its EPYC and AMD Ryzen desktop and mobile CPUs, with further fixes for embedded CPUs coming later.

But... AMD Ryzen™ 3000 Series Desktop Processors, No fix planned

New AMD SinkClose flaw helps install nearly undetectable malware

AMD is warning about a high-severity CPU vulnerability named SinkClose that impacts multiple generations of its EPYC, Ryzen, and Threadripper processors. The vulnerability allows attackers with Kernel-level (Ring 0) privileges to gain Ring -2 privileges and install malware that becomes nearly...

www.bleepingcomputer.com

 

[bazang]

Remember all the Intel bashing because of Spectre?

It turns out AMD is not different.

 

[Gandalf_The_Grey]

AMD won't patch all chips affected by severe data theft vulnerability — Ryzen 3000, 2000, and 1000 will not get patched for 'Sinkclose'

AMD said, "There are some older products that are outside our software support window." AMD has no plans to update its Ryzen 1000, 2000, and 3000 series processors or its Threadripper 1000 and 2000 models.

AMD won't patch all chips affected by severe data theft vulnerability — Ryzen 3000, 2000, and 1000 will not get patched for 'Sinkclose'

AMD says some chips fall outside of the software support window.

www.tomshardware.com

 

[Gandalf_The_Grey]

AMD reverses course: Ryzen 3000 CPUs will get SinkClose patch after all

In its initial advisory, AMD promised fixes in the form of BIOS updates and/or hot-loadable microcode updates. But while much of the House of Zen's datacenter and embedded lineup was slated to receive the patch, not all of its consumer-focused parts were so lucky.

Among the more notable exceptions was AMD's Ryzen 3000-series of desktop CPUs codenamed Matisse, which used the same Zen 2 core as AMD's Rome generation of Epyc datacenter chips. However, in a revised advisory, the Ryzen 3000 family is now listed as eligible for the patch, which can be found in "ComboAM4PI 1.0.0ba" released late last week.

AMD's Ryzen 3000 CPUs to get SinkClose patch after all

Still no love for 1000- or 2000-series

www.theregister.com