A new and serious vulnerability has come to light, and this time it’s not just Intel under the microscope. AMD, a major player in the processor market, is facing scrutiny over a significant flaw known as SinkClose. This issue is affecting a vast number of devices globally, putting hundreds of millions of users at risk.
What Is SinkClose?
SinkClose, officially identified as CVE-2023-31315, is a critical vulnerability that allows malicious actors to gain access to one of the highest levels of control within a system’s architecture—“Ring -2,” or System Management Mode (SMM). This is a level of access that surpasses even the operating system or hypervisor, making it extremely dangerous. Once in control, an attacker could install undetectable malware, leaving users highly vulnerable.
This alarming discovery was highlighted during the Def Con conference, a major event in the cybersecurity world where experts reveal and discuss the latest threats.
A 20-Year-Old Flaw
What makes SinkClose particularly concerning is its age. Researchers have traced this flaw back to the physical architecture of AMD processors, meaning it has been present in their chips for nearly two decades. As a result, a wide range of AMD processors are affected, including:
- EPYC 1st, 2nd, 3rd, and 4th generations
- EPYC Embedded 3000, 7002, 7003, 9003, R1000, R2000, 5000, and 7000 series
- Ryzen Embedded V1000, V2000, and V3000 series
- Ryzen 3000, 5000, 4000, 7000, and 8000 series
- Ryzen Mobile 3000, 5000, 4000, and 7000 series
- Ryzen Threadripper 3000 and 7000 series
- AMD Threadripper PRO (Castle Peak WS SP3, Chagall WS)
- AMD Athlon 3000 series Mobile (Dali, Pollock)
- AMD Instinct MI300A
How Big Is the Threat?
When a vulnerability of this magnitude is discovered, the first question is often about how easily it can be exploited. In the case of SinkClose, exploitation requires “Ring 0” access, meaning the attacker needs control over the kernel mode of the operating system. To achieve this, they would typically need to exploit another vulnerability—whether in hardware, software, or through social engineering—to gain initial access to the system.
This requirement does mitigate the immediate risk of large-scale attacks, but it doesn’t eliminate the danger entirely. Skilled attackers who can gain the necessary access could still use SinkClose to inflict significant harm.
AMD’s Partial Fix
In response to this vulnerability, AMD has issued a security bulletin on its official website, outlining the planned security updates for affected processors. In many cases, a platform firmware update will be sufficient to address the issue. For AMD’s embedded processors (such as AMD EPYC 3000, 7002, 7003, AMD Ryzen R1000, R2000, Embedded 5000, and Embedded 7000), these updates are expected to roll out in October 2024.
However, there is some bad news for users of AMD’s mainstream Ryzen 3000 processors (codenamed Matisse). According to AMD, no fix is currently planned for these processors, leaving those systems potentially vulnerable.
What You Should Do
For users with affected AMD processors, it’s crucial to stay informed about the upcoming firmware updates and apply them as soon as they become available. In the meantime, maintaining good cybersecurity practices—such as keeping your system and software updated, avoiding suspicious downloads, and using strong, unique passwords—remains essential in minimizing your risk.
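For anyone tracking more than one machine, the list above can be turned into a quick inventory check. The script below is an added example, not code from AMD or from the original article: it sorts Linux `model name` strings into the Ryzen and EPYC families named above and flags the Ryzen 3000 case that has no fix planned. The model-number patterns and status labels are assumptions based on AMD's usual naming, and every other AMD part is left for a manual check against the bulletin.

```python
import re

# Series and fix status are taken from the article. The model-number patterns
# are assumptions based on AMD's usual naming, not data from AMD's bulletin.
DESKTOP_SERIES = {3000, 4000, 5000, 7000, 8000}
MOBILE_SERIES = {3000, 4000, 5000, 7000}
MOBILE_SUFFIXES = {"U", "H", "HS", "HX"}
EPYC_GEN = {"1": "1st", "2": "2nd", "3": "3rd", "4": "4th"}

def classify(model_name):
    """Map a 'model name' string to (status, family)."""
    if "AMD" not in model_name:
        return ("NOT_AMD", "")
    m = re.search(r"EPYC (\d)\w{2}([1-4])", model_name)
    if m and m.group(1) == "3":
        return ("LISTED", "EPYC Embedded 3000")
    if m and m.group(1) in "79":
        return ("LISTED", f"EPYC {EPYC_GEN[m.group(2)]} generation")
    m = re.search(r"Ryzen \d (?:PRO )?(\d)\d{3}([A-Z]*)", model_name)
    if m:
        series = int(m.group(1)) * 1000
        if m.group(2) in MOBILE_SUFFIXES:
            listed, family = series in MOBILE_SERIES, f"Ryzen Mobile {series}"
        else:
            listed, family = series in DESKTOP_SERIES, f"Ryzen {series}"
        if family == "Ryzen 3000":
            return ("NO_FIX_PLANNED", family)  # article: no fix planned (Matisse)
        return ("LISTED" if listed else "NOT_LISTED", family)
    return ("CHECK_BULLETIN", "")  # Threadripper, Embedded, Athlon, Instinct

def triage(cpuinfo_text):
    """Classify each distinct CPU model found in /proc/cpuinfo-style text."""
    names = {l.split(":", 1)[1].strip() for l in cpuinfo_text.splitlines()
             if l.startswith("model name")}
    return {name: classify(name) for name in sorted(names)}

# Constructed sample input: one 'model name' line per host, not real inventory.
SAMPLE = """\
model name\t: AMD Ryzen 5 3600 6-Core Processor
model name\t: AMD Ryzen 7 5800U with Radeon Graphics
model name\t: AMD EPYC 7742 64-Core Processor
model name\t: AMD Ryzen 5 1600 Six-Core Processor
model name\t: AMD Ryzen Threadripper 3970X 32-Core Processor
model name\t: Intel(R) Core(TM) i7-8650U CPU @ 1.90GHz
"""

if __name__ == "__main__":
    for name, (status, family) in triage(SAMPLE).items():
        print(f"{status:15} {family:24} {name}")
```

A `NO_FIX_PLANNED` or `CHECK_BULLETIN` result is a prompt to look up the exact codename in AMD's bulletin, since a model number alone does not always identify it.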
SinkClose is a stark reminder of the complexities and long-term risks associated with hardware vulnerabilities. As the technology landscape continues to evolve, so too must our vigilance in protecting the devices we rely on every day.