Security News New AMD SinkClose flaw helps install nearly undetectable malware

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,345
AMD is warning about a high-severity CPU vulnerability named SinkClose that impacts multiple generations of its EPYC, Ryzen, and Threadripper processors. The vulnerability allows attackers with Kernel-level (Ring 0) privileges to gain Ring -2 privileges and install malware that becomes nearly undetectable.

Ring -2 is one of the highest privilege levels on a computer, running above Ring -1 (used for hypervisors and CPU virtualization) and Ring 0, which is the privilege level used by an operating system's Kernel.

The Ring -2 privilege level is associated with modern CPUs' System Management Mode (SMM) feature. SMM handles power management, hardware control, security, and other low-level operations required for system stability.

Due to its high privilege level, SMM is isolated from the operating system to prevent it from being targeted easily by threat actors and malware.
According to AMD's advisory, the following models are affected:
  • EPYC 1st, 2nd, 3rd, and 4th generations
  • EPYC Embedded 3000, 7002, 7003, and 9003, R1000, R2000, 5000, and 7000
  • Ryzen Embedded V1000, V2000, and V3000
  • Ryzen 3000, 5000, 4000, 7000, and 8000 series
  • Ryzen 3000 Mobile, 5000 Mobile, 4000 Mobile, and 7000 Mobile series
  • Ryzen Threadripper 3000 and 7000 series
  • AMD Threadripper PRO (Castle Peak WS SP3, Chagall WS)
  • AMD Athlon 3000 series Mobile (Dali, Pollock)
  • AMD Instinct MI300A
AMD stated in its advisory that it has already released mitigations for its EPYC and AMD Ryzen desktop and mobile CPUs, with further fixes for embedded CPUs coming later.
But... AMD Ryzen™ 3000 Series Desktop Processors, No fix planned

 
  • Wow
Reactions: silversurfer

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,345
AMD won't patch all chips affected by severe data theft vulnerability — Ryzen 3000, 2000, and 1000 will not get patched for 'Sinkclose'
AMD said, "There are some older products that are outside our software support window." AMD has no plans to update its Ryzen 1000, 2000, and 3000 series processors or its Threadripper 1000 and 2000 models.
 
  • +Reputation
Reactions: silversurfer

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,345
AMD reverses course: Ryzen 3000 CPUs will get SinkClose patch after all
In its initial advisory, AMD promised fixes in the form of BIOS updates and/or hot-loadable microcode updates. But while much of the House of Zen's datacenter and embedded lineup was slated to receive the patch, not all of its consumer-focused parts were so lucky.

Among the more notable exceptions was AMD's Ryzen 3000-series of desktop CPUs codenamed Matisse, which used the same Zen 2 core as AMD's Rome generation of Epyc datacenter chips. However, in a revised advisory, the Ryzen 3000 family is now listed as eligible for the patch, which can be found in "ComboAM4PI 1.0.0ba" released late last week.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top