August 9, 2024 at 01:02PM
AMD has issued a warning about a high-severity CPU vulnerability, SinkClose, affecting multiple generations of EPYC, Ryzen, and Threadripper processors. This flaw allows attackers to gain Ring -2 privileges, enabling malware installation undetectable by typical security tools. The attack has gone undetected for almost 20 years and poses significant threats, particularly from sophisticated threat actors.
Based on the meeting notes, the SinkClose CPU vulnerability affects multiple generations of AMD EPYC, Ryzen, and Threadripper processors, allowing attackers with Kernel-level privileges to gain Ring -2 privileges and install nearly undetectable malware at the System Management Mode (SMM) level. The vulnerability, tracked as CVE-2023-31315 and rated as high severity (CVSS score: 7.5), has been undetected for almost 20 years, impacting a broad range of AMD chip models. It allows attackers to modify SMM settings and bypass security features, posing a significant threat to organizations using AMD-based systems.
AMD has released mitigations for EPYC and Ryzen desktop and mobile CPUs, with further fixes for embedded CPUs coming later. However, the note also highlights that kernel-level vulnerabilities are not uncommon in sophisticated attacks, with threat actors using various techniques to escalate their privileges and gain kernel-level access. It is emphasized that Sinkclose should not be disregarded, especially by organizations facing threats from state-sponsored and sophisticated threat actors.