August 13, 2024 at 06:42AM
IOActive disclosed Sinkclose, a new AMD processor vulnerability that has been around for 20 years and targets System Management Mode (SMM). Exploiting the flaw requires a deep understanding of the architecture, but not physical access. AMD has published mitigations and firmware updates, prioritizing security even though exploitation applies to systems that are already seriously breached. Malware planted this way is stealthy but detectable.
Key takeaways:
1. IOActive disclosed a new vulnerability, known as Sinkclose, that affects AMD processors by targeting the System Management Mode (SMM), providing attackers with deep access to targeted systems.
2. Sinkclose, which has been present for almost two decades, could enable attackers to break secure boot and deploy firmware implants. It affects AMD CPUs including the Ryzen and EPYC series processors.
3. AMD has responded by releasing a security advisory with mitigations for Sinkclose attacks, including firmware updates. However, some older CPUs will not receive patches.
4. AMD emphasized that before a Sinkclose exploit can be executed, the attacker must leverage other vulnerabilities to defeat the operating system’s security measures and gain kernel privileges.
5. While sophisticated threat groups, such as state-sponsored actors, may have the capability to exploit Sinkclose, by the time they gain the privileges required, they would already have complete control of the system.
6. The malware planted using the Sinkclose method would be stealthy, but not impossible to detect.
7. This vulnerability may impact hundreds of millions of devices using AMD CPUs, and the company has acknowledged the seriousness of the issue and is working to mitigate the impact through security advisories and updates.