A team of security researchers from IOActive has revealed a highly severe vulnerability in AMD CPUs dating back as far as 2006, nearly 20 years ago. Despite its long-standing presence, it was only recently discovered.
This vulnerability, dubbed “Sinkclose,” allows a hacker with access to the operating system's highest privilege level, the kernel level (Ring 0 in the protection ring model), to manipulate the CPU’s System Management Mode (SMM), which resides at Ring -2, below the operating system and separate from it. As a result, hackers can embed malware in SMM even when it is locked, and that malware is difficult to detect from the operating system level. External tools that connect to the CPU and scan its memory are required to find it.
The vulnerability has a severity score of 7.5 out of 10. Exploiting it is relatively challenging in practice because hackers must first gain kernel-level access. The likelihood of widespread attacks through this vulnerability is therefore low, but advanced hacker groups may use it in targeted intrusions to steal crucial information from specific organizations.
AMD has identified impacted CPU models starting from Ryzen 3000, Threadripper 3000, Athlon 3000 Mobile, and Epyc 1st Gen (in contrast to older information from IOActive). AMD has released urgent patches to mitigate the impact of the vulnerability and will provide firmware updates to permanently address the issue in the future.
Sources – AMD, IOActive, Wired, Bleeping Computer
TLDR: IOActive researchers discovered a critical security vulnerability named “Sinkclose” in AMD CPUs dating back to 2006, allowing hackers to access privileged parts of the system and potentially embed malware in the CPU’s System Management Mode (SMM). AMD has released patches to mitigate the vulnerability and will provide firmware updates for affected CPU models.