Gandalf_The_Grey
Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
- Apr 24, 2016
- 7,345
AMD is warning about a high-severity CPU vulnerability named SinkClose that impacts multiple generations of its EPYC, Ryzen, and Threadripper processors. The vulnerability allows attackers with Kernel-level (Ring 0) privileges to gain Ring -2 privileges and install malware that becomes nearly undetectable.
Ring -2 is one of the highest privilege levels on a computer, running above Ring -1 (used for hypervisors and CPU virtualization) and Ring 0, which is the privilege level used by an operating system's Kernel.
The Ring -2 privilege level is associated with modern CPUs' System Management Mode (SMM) feature. SMM handles power management, hardware control, security, and other low-level operations required for system stability.
Due to its high privilege level, SMM is isolated from the operating system to prevent it from being targeted easily by threat actors and malware.
According to AMD's advisory, the following models are affected:
AMD stated in its advisory that it has already released mitigations for its EPYC and AMD Ryzen desktop and mobile CPUs, with further fixes for embedded CPUs coming later.
- EPYC 1st, 2nd, 3rd, and 4th generations
- EPYC Embedded 3000, 7002, 7003, and 9003, R1000, R2000, 5000, and 7000
- Ryzen Embedded V1000, V2000, and V3000
- Ryzen 3000, 5000, 4000, 7000, and 8000 series
- Ryzen 3000 Mobile, 5000 Mobile, 4000 Mobile, and 7000 Mobile series
- Ryzen Threadripper 3000 and 7000 series
- AMD Threadripper PRO (Castle Peak WS SP3, Chagall WS)
- AMD Athlon 3000 series Mobile (Dali, Pollock)
- AMD Instinct MI300A
But... AMD Ryzen™ 3000 Series Desktop Processors, No fix planned
New AMD SinkClose flaw helps install nearly undetectable malware
AMD is warning about a high-severity CPU vulnerability named SinkClose that impacts multiple generations of its EPYC, Ryzen, and Threadripper processors. The vulnerability allows attackers with Kernel-level (Ring 0) privileges to gain Ring -2 privileges and install malware that becomes nearly...
www.bleepingcomputer.com