TechCritical "Sinkclose" flaw in AMD processors: Is your computer at risk?

Critical "Sinkclose" flaw in AMD processors: Is your computer at risk?

IT security specialists Enrique Nissim and Krzysztof Okupski from IOActive have discovered a critical vulnerability in AMD Ryzen and Epyc processors. The "Sinkclose" vulnerability is present in millions of computers worldwide, and unfortunately, there is no simple way to fix it. In the worst-case scenario, the only solution might be to dispose of the affected computer.

AMD Ryzen Processor
AMD Ryzen Processor
Images source: © Adobe Stock

6:27 PM EDT, August 11, 2024

Security vulnerabilities can arise in software and computer components, such as processors and memory chips. The threat is significant because these vulnerabilities can lead to system infections and compromise confidential information.

This situation applies to the new vulnerability discovered by Enrique Nissim and Krzysztof Okupski of IOActive. Details of this threat were revealed at the Defcon conference. According to the researchers, the vulnerability exists in practically all AMD processors released since 2006 and possibly even in older models. Unofficially, it is believed that millions of computers, servers, and embedded systems are affected.

Serious security vulnerability in AMD processors

Wired reports that the vulnerability allows cybercriminals to run their own code in System Management Mode (SMM), a highly privileged area of processors usually reserved for critical firmware operations.

This vulnerability enables cybercriminals to install bootkit-type malware that is potentially invisible to the operating system. This grants the hacker access to manipulate the machine and monitor its activity. Moreover, the malware can survive even after the operating system is reinstalled.

However, exploiting the vulnerability requires attackers to access the system kernel. While this is not easy, experienced hackers may possess the tools needed to accomplish it.

Okupski outlines the severe consequences: "Imagine hackers from nation-states or anyone wanting to persist in our system. It will still be there even if you completely clean your hard drive." He adds that such software "will be almost undetectable and nearly impossible to remove."

Fixing the vulnerability will be difficult

To remove the malware, it is necessary to open the computer, connect to a specific part of its memory using an SPI Flash programmer, thoroughly check the memory, and then remove the detected software. This is not an easy task. Nissim explains the worst-case scenario more bluntly: "Essentially, you have to throw away your computer."

The researchers waited 10 months before disclosing the vulnerability to give AMD more time to fix it. The manufacturer confirmed the vulnerability's existence and began releasing patches to mitigate its effects. Patches for some devices have already been released, and more are expected soon. However, AMD has not yet disclosed how it plans to address the vulnerability in all affected processors.

Although there is no official information about the exploitation of the Sinkclose vulnerability, experienced state-sponsored hackers may already have the means to use it to attack computers. Researchers warn that the vulnerability poses a serious threat, and users should not delay implementing the available patches.

Related content
© essanews.com
·

Downloading, reproduction, storage, or any other use of content available on this website—regardless of its nature and form of expression (in particular, but not limited to verbal, verbal-musical, musical, audiovisual, audio, textual, graphic, and the data and information contained therein, databases and the data contained therein) and its form (e.g., literary, journalistic, scientific, cartographic, computer programs, visual arts, photographic)—requires prior and explicit consent from Wirtualna Polska Media Spółka Akcyjna, headquartered in Warsaw, the owner of this website, regardless of the method of exploration and the technique used (manual or automated, including the use of machine learning or artificial intelligence programs). The above restriction does not apply solely to facilitate their search by internet search engines and uses within contractual relations or permitted use as specified by applicable law.Detailed information regarding this notice can be found  here.