AMD won’t patch Sinkclose security bug on older Zen CPUs

August 12, 2024 at 11:21PM

AMD processors dating back to 2006 have a security vulnerability called SinkClose, which allows rogue users to run code in System Management Mode (SMM). Only models made since 2020 will be patched. The flaw affects AMD CPUs dating back nearly 20 years. Processors receiving fixes will get firmware updates via BIOS makers or microcode updates.

Key takeaways:

– Some AMD processors dating back to 2006 have a security vulnerability called SinkClose, which allows malicious software and rogue privileged users to run code in System Management Mode (SMM), a highly privileged execution environment present in AMD x86 processors.
– SinkClose is rated 7.5 out of 10 in CVSS severity and is unique to AMD processors. It was discovered by the folks at infosec services outfit IOActive.
– The vulnerability can allow unauthorized access to the system, enabling spying, data theft, persistent infection at the BIOS level, and interference with the system’s operations and security tools.
– The fix for this vulnerability will be delivered in the form of a firmware update via BIOS makers or a hot-loadable microcode update for affected processors.
– The list of CPUs that have the flaw and for which mitigations or fixes have been made available includes Epyc processors from generations one through four, and several Ryzen series products such as the 3000, 4000, 5000, 7000, and 8000 ranges.
– However, some AMD processors, such as certain Ryzen 1000 and 2000 desktop and embedded CPUs, won’t be patched, as the company considers them to have exited support.
– The company has decided not to patch Ryzen 3000 desktop CPUs codenamed “Matisse”, indicating a potential end to security updates for those processors.
