August 12, 2024 at 04:42PM
AMD has issued firmware updates to address a nearly two-decades-old silicon-level vulnerability in its EPYC data center processors and its Ryzen processors for PCs and embedded systems. The “SinkClose” flaw affects a processor component that protects System Management Mode (SMM), potentially allowing attackers to implant almost undetectable malware. AMD has released mitigation options for impacted products.
Key points:
– AMD has released firmware updates to address a silicon-level vulnerability in its EPYC data center processors and Ryzen processors for PCs and embedded systems.
– The vulnerability affects a processor component that protects System Management Mode (SMM). It potentially allows privilege escalation, the implanting of almost impervious malware, and modification of SMM configuration even with SMM Lock enabled.
– The “SinkClose” vulnerability, described as nearly impossible to fix in most systems, has been identified by IOActive researchers as a way for attackers to drop persistent and invisible malware in affected systems.
– IOActive researchers found a way to overcome protections of SMM and execute code of their choice from outside the system management random access memory (SMRAM) by leveraging a legacy memory management feature in AMD chips.
– AMD has described the attacker’s required level of access to exploit the “SinkClose” vulnerability, likening it to having the knowledge to break into a safe deposit box at the bank.
AMD has released mitigation options for its affected products, and a full list of impacted products and mitigation options is available in its product security bulletin.