'SinkClose' AMD CPU vulnerability explained: How dangerous is it really?


Orhan Turan/Getty Images

Worrying computer news always comes out of the hacker convention Defcon — and this year was no different. A pair of security researchers, Enrique Nissim and Krzysztof Okupski from security specialist IOActive, announced they’d found a nasty CPU vulnerability, which they named SinkClose. 

The flaw endangers essentially all — yes, all — AMD processors made since 2006. As I sit here using my brand-new, eight-core 3.8 GHz AMD Ryzen 7 processor-powered HP Pavilion Desktop TP01-223, I am not amused. 

Also: The best VPN services (and how to choose the right one for you)

According to an IOActive statement: “The vulnerability is nearly impossible to fix in computers that aren’t configured correctly, which is the case for most systems. In properly configured systems, the vulnerability could lead to malware infections — known as bootkits — that are nearly impossible to detect.”

Digging deeper, SinkClose, officially CVE-2023-31315, can attack multiple generations of EPYC, Ryzen, and Threadripper processors. It has a Common Vulnerability Scoring System (CVSS) score of 7.5, which means it’s a serious vulnerability.  

Also: You can upgrade your old PC to Windows 11 – even if Microsoft says it’s ‘incompatible’. Here’s how

This vulnerability allows attackers with kernel-level access to escalate privileges to System Management Mode (SMM), a highly privileged state within the CPU. This access, in turn, can enable a hacker to install undetectable malware, making it a severe threat to system security.

That threat sounds scary, but you should note that actors must have “kernel-level” access to attack your system properly. No one’s likely to get that level of access to the PC on my or your desktop. Getting that kind of access is too much trouble for too little value. If you have servers, data centers, and clouds, though, it’s another story. 

Still, as AMD maintained in a note to Dark Reading, SinkClose alone is like: “having the knowledge to break into a safe deposit box at the bank. In the real world, to get to the box, a burglar must first get past the alarms, the guards, the vault door, and its own locks, clearly not an easy task.”

Also: Intel chip bug: Which PCs are affected, how to get the patch, and everything else to know

AMD has released security updates to address SinkClose in its newer and most powerful processors, such as the EPYC data center processors and the latest Ryzen models. However, some of its older and still-popular chips, such as the Ryzen 3000, 2000, and 1000 chips, won’t be getting patches

So, what can you do about the issue? Let’s go over your options.

First, the complete vulnerability list covers the following processors:

  • EPYC 1st, 2nd, 3rd, and 4th generations

  • EPYC Embedded 3000, 7002, 7003, and 9003, R1000, R2000, 5000, and 7000

  • Ryzen Embedded V1000, V2000, and V3000

  • Ryzen 3000, 5000, 4000, 7000, and 8000 series

  • Ryzen 3000 Mobile, 5000 Mobile, 4000 Mobile, and 7000 Mobile series

  • Ryzen Threadripper 3000 and 7000 series

  • AMD Threadripper PRO (Castle Peak WS SP3, Chagall WS)

  • AMD Athlon 3000 series Mobile (Dali, Pollock)

  • AMD Instinct MI300A

To protect the more recent version of these CPUs, you’ll need to ensure your system’s BIOS is updated with the latest AMD patches. 

Also: What CPU and motherboard do I have? Here are some fast and easy ways to find out

Check with your PC vendor or motherboard manufacturer to see what’s available.

As always, you should protect your system with system updates, the correct use of passwords, and two-factor authentication (2FA). After all, if you can keep an attacker out of your system in the first place, they’ll never be able to use SinkClose to pry your CPU open. 

If you’re using an older, unpatched processor, I’d give AMD a piece of your mind. If enough people demand the fixes, the company will issue patches. 

Also: Stop paying for third-party antivirus software. Here’s why

If you’d rather not wait to see if AMD does the right thing, especially if you’re using older AMD CPUs in your servers, you should grit your teeth and buy new computers. 

We might get lucky and this threat may become a molehill rather than a mountain. But when it comes to security, I don’t believe in luck. I’m already taking steps to protect my AMD-powered machines — and you should, too. 





Source link