If you're rocking an AMD build, there's a high chance you're vulnerable to a serious security flaw that's been dubbed Sinkclose. That Ryzen 7 7800X3D pictured above? It's affected, as is the entire Ryzen 7000 series range and a slew of other processor models dating back to 2006. Another tidbit that won't give any AMD users warm fuzzies—not every affected processor will be patched to protect users from the threat.
Researchers Enrique Nissim and Krzysztof Okupski from IOActive blew the whistle on the security flaw during a DEF CON talk. You can catch all the gory details in the 46-minute-plus video embedded below, if you have the time and interest...
For those who don't have the time or desire to watch a 46-minute video, the super truncated version is that this is an SMM (System Management Mode) bypass flaw with potentially serious consequences. It's not necessarily cause for panic, though. Tracked as CVE-2023-31315, the flaw carries a CVSS (Common Vulnerability Scoring System) rating of 7.5, which puts it into the 'High' but not 'Critical' category.
"Improper validation in a model specific register (MSR) could allow a malicious program with Ring 0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution," the description reads.
Put more plainly, the flaw requires an attacker to already have kernel access on a victim's PC, obtained through a separate attack. That's what the description means by "Ring 0 access," which is the kernel level. An attacker could then leverage Sinkclose to gain Ring 2—or SMM—privileges and plant malware on a system that would be extremely difficult to detect, let alone remove.
An attacker could also modify SMM settings to perform nefarious actions like disabling security protections, which can work in tandem with installing malware and/or a bootkit on a compromised system. What's basically at play is an attack vector deep within a system that would be hard to detect (virtually invisible to the OS), and just as hard to remove—it could survive an OS reinstall.
In a statement provided to Wired, the researchers said detecting malware installed via Sinkclose would require connecting a CPU to a physical tool called an SPI Flash programmer.
"Imagine nation-state hackers or whoever wants to persist on your system. Even if you wipe your drive clean, it's still going to be there," Okupski said. "It's going to be nearly undetectable and nearly unpatchable. You basically have to throw your computer away."
According to the researchers, the startling flaw has gone undetected for nearly 20 years. AMD also confirmed that it affects a wide range of processor families, such as Gen 1-4 EPYC processors, several EPYC Embedded processors, Ryzen 3000-8000 series CPUs, and many more.
On the bright side, AMD has already begun rolling out patches to address the issue on several EPYC and Ryzen processors, namely desktop and laptop models. Embedded CPU mitigations are in the pipeline. That said, not every chip will see an update.
"There are some older products that are outside our software support windows," AMD said in a statement to Tom's Hardware.
As such, AMD apparently is not planning to issue fixes for older Ryzen 3000 series processors. It's also not clear if AMD's new Ryzen 9000 and Ryzen AI 300 processors are already protected from the Sinkclose attack vector.