Urgent: New AMD Flaw Exposes Millions of Computers to Hidden Malware. Here is what we know.

A new security vulnerability, known as the SinkClose flaw, has been discovered in AMD processors. This flaw poses a significant threat as it allows attackers to install nearly undetectable malware. The vulnerability affects multiple generations of AMD’s EPYC, Ryzen, and Threadripper processors.

What is the SinkClose Flaw?

The SinkClose flaw enables attackers with kernel-level (Ring 0) access to gain even deeper control by modifying System Management Mode (SMM) settings. SMM is a highly privileged area of the processor, typically reserved for critical firmware operations. By exploiting this flaw, attackers can install malware that remains hidden from standard antivirus tools and persists even after the operating system is reinstalled.

How Does It Work?

To exploit the SinkClose flaw, attackers must first gain access to a system’s kernel. This is not an easy task, but it is possible through other vulnerabilities or attacks. Once they have kernel access, they can manipulate an ambiguous feature in AMD chips known as TClose. This feature is meant to maintain compatibility with older devices but can be redirected to execute malicious code at the SMM level.

Potential Impact on AMD Processors

The impact of the SinkClose flaw is severe. It allows attackers to deeply infiltrate a system, making it extremely difficult to detect or remove the malware. In some cases, it may be easier to abandon an infected machine than to repair it. This vulnerability is particularly concerning for corporations and government entities, as it could allow attackers to surveil activity and tamper with critical systems.

Here is a list of some of the affected products:

AMD EPYC Processors

  • EPYC 7001 Series
  • EPYC 7002 Series
  • EPYC 7003 Series

AMD Ryzen Processors

  • Ryzen 1000 Series
  • Ryzen 2000 Series
  • Ryzen 3000 Series
  • Ryzen 4000 Series
  • Ryzen 5000 Series
  • Ryzen 7000 Series
  • Ryzen 8000 Series

AMD Threadripper Processors

  • Threadripper 1000 Series
  • Threadripper 2000 Series
  • Threadripper 3000 Series

Embedded Processors

  • Ryzen Embedded V1000 Series
  • Ryzen Embedded R1000 Series

Mitigation Efforts by AMD

AMD has acknowledged the issue and is actively working on mitigation options. The company has released patches for data center products and Ryzen PC products, with mitigations for embedded products coming soon. However, not all affected processors have received a patch yet, and the complexity of the flaw makes it challenging to fully address.
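Because patches have not reached every affected processor, the first practical step is knowing which machines carry a listed CPU. The sketch below is an added example, not code from AMD or from this article: it maps CPU model strings (as reported in /proc/cpuinfo or an asset inventory) to the series named in the list above. The model-number patterns are assumed naming conventions and the inventory is constructed sample data; AMD's security bulletin remains the authority on exact models and fixed firmware versions.

```python
import re

# Affected series exactly as listed in this article (not AMD's full bulletin).
LISTED = {
    ("EPYC", "7001"), ("EPYC", "7002"), ("EPYC", "7003"),
    ("Threadripper", "1000"), ("Threadripper", "2000"), ("Threadripper", "3000"),
    ("Ryzen Embedded", "V1000"), ("Ryzen Embedded", "R1000"),
} | {("Ryzen", s) for s in ("1000", "2000", "3000", "4000", "5000", "7000", "8000")}

# Assumed naming conventions, most specific pattern first.
PATTERNS = [
    ("Ryzen Embedded", re.compile(r"Ryzen Embedded ([VR]\d)\d{3}"), "{}000"),
    ("Threadripper PRO", re.compile(r"Threadripper PRO (\d)\d{3}"), "{}000"),
    ("Threadripper", re.compile(r"Threadripper (\d)\d{3}"), "{}000"),
    ("EPYC", re.compile(r"EPYC (\d)[0-9A-Z]{2}(\d)"), "{}00{}"),
    ("Ryzen", re.compile(r"Ryzen \d (?:PRO )?(\d)\d{3}"), "{}000"),
]

def classify(model_name):
    """Return (family, series) derived from a CPU model string, or None."""
    for family, rx, fmt in PATTERNS:
        m = rx.search(model_name)
        if m:
            return family, fmt.format(*m.groups())
    return None

def triage(model_name):
    """'listed' = named in the article; 'not-listed' = AMD part the article
    does not name (check the bulletin); 'unknown' = string not recognised."""
    hit = classify(model_name)
    if hit is None:
        return "unknown"
    return "listed" if hit in LISTED else "not-listed"

def hosts_needing_firmware_review(inventory):
    """Hostnames whose CPU falls in a listed series, sorted for reporting."""
    return sorted(h for h, cpu in inventory.items() if triage(cpu) == "listed")

# Constructed sample inventory (hostnames and assignments are made up).
SAMPLE_INVENTORY = {
    "db01": "AMD EPYC 7543 32-Core Processor",
    "hv02": "AMD EPYC 9654 96-Core Processor",
    "ws17": "AMD Ryzen 7 5800X 8-Core Processor",
    "ws18": "AMD Ryzen Threadripper PRO 3995WX 64-Cores",
    "kiosk3": "AMD Ryzen Embedded V1605B with Radeon Vega Gfx",
    "lap44": "Intel(R) Core(TM) i7-9700K CPU @ 3.60GHz",
}

if __name__ == "__main__":
    for host, cpu in SAMPLE_INVENTORY.items():
        print(f"{host:8} {triage(cpu):11} {cpu}")
```

Hosts reported as "not-listed" or "unknown" are not cleared; they only fall outside the series this article names and still need checking against the vendor bulletin.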

Conclusion

The discovery of the SinkClose flaw highlights the ongoing challenges in securing modern processors. While AMD is taking steps to mitigate the issue, the severity of the flaw underscores the importance of robust security measures and vigilance in protecting critical systems. Users and organizations should stay informed about updates and patches to safeguard their devices against this nearly undetectable threat.
