“Sinkclose”: New Flaw Affecting All AMD CPUs Dating Back to 2006 Allows Virtually Unfixable Infections

The FPS Review may receive a commission if you purchase something after clicking a link in this article.

Image: AMD

Sinkclose, a new flaw that is said to affect hundreds of millions of AMD chips that date back to 2006, allowing what’s been described as deep and virtually unfixable infections, has been disclosed by two researchers at the DEF CON hacker conference that took place from August 8–11 last week at the Las Vegas Convention Center, according to recent reports. The vulnerability, which may affect CPUs that are even older than 2006, reportedly allows malware to burrow so deep into a computer’s memory that it would be easier to throw the machine out than try to fix it.

“Guest Memory Vulnerabilities” details:

  • CVE: CVE-2023-31315
  • CVSS: 7.5 (High) AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
  • Description: Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.

Some of the affected products include:

  • AMD Ryzen 3000 Series Desktop Processors
  • AMD Ryzen 5000 Series Desktop Processors
  • AMD Ryzen 5000 Series Desktop processor with Radeon Graphics
  • AMD Ryzen 7000 Series Desktop Processors
  • AMD Ryzen 4000 Series Desktop Processors with Radeon Graphics
  • AMD Ryzen 8000 Series Processors with Radeon Graphics

From a report:

  • “The flaw would allow hackers to run their own code in one of the most privileged modes of an AMD processor, known as System Management Mode, designed to be reserved only for a specific, protected portion of its firmware.”
  • “IOActive’s researchers warn that it affects virtually all AMD chips dating back to 2006, or possibly even earlier.”
  • “…exploiting the bug would require hackers to already have obtained relatively deep access to an AMD-based PC or server, but that the Sinkclose flaw would then allow them to plant their malicious code far deeper still.”
  • “…an attacker could infect the computer with malware known as a “bootkit” that evades antivirus tools and is potentially invisible to the operating system, while offering a hacker full access to tamper with the machine and surveil its activity.”

A summary from AMD:

Researchers from IOActive have reported that it may be possible for an attacker with ring 0 access to modify the configuration of System Management Mode (SMM) even when SMM Lock is enabled.

Source
Via

Join the discussion in The FPS Review Forums...

Discussion (11 replies)

Join Discussion →
B

...great...

Peter_Brosdahl
Peter_Brosdahl 👍 1

Just an FYI on this per TechPowerUp:

"However, to exploit this vulnerability, an attacker must possess access to system's kernel. Downloading of malware-infused files can trigger it, so general safety measures are recommended."

[URL unfurl="true"]https://www.techpowerup.com/325488/sinkclose-vulnerability-affects-every-amd-cpu-dating-back-to-2006[/URL]

Zarathustra
Zarathustra 👍 1

Yeah, I mean, you'd have to be pretty much pwned already by something else for them to be able to exploit this.

But if they do exploit it, it is tough to do much about it, except wiping the drive and starting over.

Unclear if this allows them to write to the EFI, so maybe you'd need to both wipe the drive, re-flash the firmware and then install from scratch to make sure you got rid of it completely.

Sounds like a pain in the butt.

Zarathustra
Zarathustra 👍 1

Looks like most of these updates were available already in May.

I don't see this as an extreme rush, but it is probably a good idea to flash new BIOS:es to everything.

Zarathustra
Zarathustra 👍 2

Dick move though. No fix planned for Ryzen 3000 or earlier. :/

[URL unfurl="true"]https://www.tomshardware.com/pc-components/cpus/amd-wont-patch-all-chips-affected-by-severe-data-theft-vulnerability-ryzen-1000-2000-and-3000-will-not-get-patched-among-others[/URL]

If this had happened after the Windows 10 EOL, I could see them justifying not patching anything that doesn't officially support Windows 11. I would still be annoyed by that decision, but I could see them making that argument.

But as it is, everything that is capable of running Windows 10 should be patched.

B
Burticus 👍 1

Yeah every time there is an esxi vulnerability my mgmt goes bonkers..... I'm like, calm down people, if bots\peeps are getting direct access to our esxi hosts we have bigger problems. None of that stuff can be accessed externally without jumping through 4 layers of BS

U
Uvilla 👍 2

" I'm inside the house "

MadMummy76

"Zarathustra, post: 88143, member: 203" wrote:

Dick move though. No fix planned for Ryzen 3000 or earlier. :/



[URL unfurl="true"]https://www.tomshardware.com/pc-components/cpus/amd-wont-patch-all-chips-affected-by-severe-data-theft-vulnerability-ryzen-1000-2000-and-3000-will-not-get-patched-among-others[/URL]



If this had happened after the Windows 10 EOL, I could see them justifying not patching anything that doesn't officially support Windows 11. I would still be annoyed by that decision, but I could see them making that argument.



But as it is, everything that is capable of running Windows 10 should be patched.


The 3000 series does support W11, even some 2000 series are listedas supported.

Grimlakin

So wait... How... What I mean is . If my motherboard supports all am4 cpu's how do I apply the updated bios but not get the fix? Does the updated bios drop support for older professors from the mobo? Or is the microcode paths simple separate?

Zarathustra
Zarathustra 👍 1

Apparently they ahve backtracked a little and will be providing a fix for 3000 series after all. 1000 and 2000 series are still out of luck I think.

Zarathustra
Zarathustra 👍 1

"Grimlakin, post: 88282, member: 215" wrote:

So wait... How... What I mean is . If my motherboard supports all am4 cpu's how do I apply the updated bios but not get the fix? Does the updated bios drop support for older professors from the mobo? Or is the microcode paths simple separate?

The fix is in the microcode. The microcode is specific per CPU. The BIOS includes the microcode for each supported CPU, but if AMD only updates it for specific models, if you aren't running one of those models, then it won't get the fix.

At least that is my understanding, though I have to admit I am not super well read on microcode and how it works.

Tsing Mui
News poster at The FPS Review.

Recent News