Critical "Sinkclose" flaw in AMD processors: Is your computer at risk?

AMD Ryzen Processor (image source: © Adobe Stock)

6:27 PM EDT, August 11, 2024

IT security specialists Enrique Nissim and Krzysztof Okupski from IOActive have discovered a critical vulnerability in AMD Ryzen and Epyc processors. The "Sinkclose" vulnerability is present in millions of computers worldwide, and unfortunately, there is no simple way to fix it. In the worst-case scenario, the only solution might be to dispose of the affected computer.

Security vulnerabilities can arise not only in software but also in hardware components such as processors and memory chips. The threat is significant because these vulnerabilities can allow a system to be compromised and confidential information to be exposed.

This is the case with the new vulnerability discovered by Enrique Nissim and Krzysztof Okupski of IOActive. Details of the threat were presented at the DEF CON conference. According to the researchers, the vulnerability exists in practically all AMD processors released since 2006 and possibly in older models as well. Unofficially, millions of computers, servers, and embedded systems are believed to be affected.

Serious security vulnerability in AMD processors

Wired reports that the vulnerability allows cybercriminals to run their own code in System Management Mode (SMM), a highly privileged processor mode normally reserved for critical firmware operations.

This vulnerability enables cybercriminals to install bootkit-type malware that is potentially invisible to the operating system. This grants the hacker access to manipulate the machine and monitor its activity. Moreover, the malware can survive even after the operating system is reinstalled.

However, exploiting the vulnerability requires the attacker to already have kernel-level access to the system. While obtaining that is not easy, experienced hackers may possess the tools needed to accomplish it.

Okupski outlines the severe consequences: "Imagine hackers from nation-states or anyone wanting to persist in our system. It will still be there even if you completely clean your hard drive." He adds that such software "will be almost undetectable and nearly impossible to remove."

Fixing the vulnerability will be difficult

To remove the malware, it is necessary to open the computer, connect an SPI flash programmer to the flash chip that holds the firmware, thoroughly inspect its contents, and then remove the detected software. This is not an easy task. Nissim describes the worst-case scenario more bluntly: "Essentially, you have to throw away your computer."

The researchers waited 10 months before disclosing the vulnerability to give AMD more time to fix it. The manufacturer confirmed the vulnerability's existence and began releasing patches to mitigate its effects. Patches for some devices have already been released, and more are expected soon. However, AMD has not yet disclosed how it plans to address the vulnerability in all affected processors.

Although there is no official information about the exploitation of the Sinkclose vulnerability, experienced state-sponsored hackers may already have the means to use it to attack computers. Researchers warn that the vulnerability poses a serious threat, and users should not delay implementing the available patches.
