“Sinkclose”: New Flaw Affecting All AMD CPUs Dating Back to 2006 Allows Virtually Unfixable Infections



Sinkclose, a new flaw said to affect hundreds of millions of AMD chips dating back to 2006, has been disclosed by two researchers at the DEF CON hacker conference, which took place August 8–11 last week at the Las Vegas Convention Center, according to recent reports. The flaw allows what has been described as deep and virtually unfixable infections. The vulnerability, which may affect CPUs even older than 2006, reportedly allows malware to burrow so deep into a computer’s memory that it would be easier to throw the machine out than to try to fix it.

“Guest Memory Vulnerabilities” details:

  • CVE: CVE-2023-31315
  • CVSS: 7.5 (High) AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
  • Description: Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.

Some of the affected products include:

  • AMD Ryzen 3000 Series Desktop Processors
  • AMD Ryzen 5000 Series Desktop Processors
  • AMD Ryzen 5000 Series Desktop processor with Radeon Graphics
  • AMD Ryzen 7000 Series Desktop Processors
  • AMD Ryzen 4000 Series Desktop Processors with Radeon Graphics
  • AMD Ryzen 8000 Series Processors with Radeon Graphics

From a report:

  • “The flaw would allow hackers to run their own code in one of the most privileged modes of an AMD processor, known as System Management Mode, designed to be reserved only for a specific, protected portion of its firmware.”
  • “IOActive’s researchers warn that it affects virtually all AMD chips dating back to 2006, or possibly even earlier.”
  • “…exploiting the bug would require hackers to already have obtained relatively deep access to an AMD-based PC or server, but that the Sinkclose flaw would then allow them to plant their malicious code far deeper still.”
  • “…an attacker could infect the computer with malware known as a ‘bootkit’ that evades antivirus tools and is potentially invisible to the operating system, while offering a hacker full access to tamper with the machine and surveil its activity.”

A summary from AMD:

Researchers from IOActive have reported that it may be possible for an attacker with ring 0 access to modify the configuration of System Management Mode (SMM) even when SMM Lock is enabled.



Tsing Mui
News poster at The FPS Review.
