Vulnerability to 18-Year-Old “Sinkclose” Deep System Flaw Found in Millions of AMD CPUs, but Quite Difficult to Exploit


Security researchers have discovered a vulnerability affecting nearly all AMD CPUs, dubbed “Sinkclose,” that allows an attacker who already has kernel-level access to change SMM (System Management Mode) settings even when existing protections are enabled.

An attacker could take advantage of this flaw to install malware. However, gaining kernel access in the first place is no easy task, and AMD has already begun releasing a fix for some of the affected chips (via Bleeping Computer). The vulnerability was discovered by Enrique Nissim and Krzysztof Okupski, researchers at security services firm IOActive, and was announced at this year's Def Con security conference in Las Vegas over the weekend.

To exploit this flaw, an attacker must first establish kernel access to the target machine through another attack method. This level of system access is known as Ring 0 privileges, and it essentially opens the heart of the system to further attack. If successful, the attacker can gain Ring -2 privileges and install an undetectable bootkit that modifies the master boot record.

System Management Mode (SMM) is one of the deepest operating modes of x86 architecture chips and is intended to be used by the BIOS/UEFI for power management, system hardware control, and proprietary code written by some OEMs. Once SMM is compromised, no anti-virus or anti-malware program can detect malicious code running at this depth in the system. To detect it, the user would need to physically connect to the CPU and scan its memory for malware.

AMD has released an advisory notice detailing the chips vulnerable to this attack and the firmware fixes available to OEMs for BIOS updates to fix the flaw. However, Ryzen 3000, 2000, and 1000 series chips will not receive the update; AMD told Tom's Hardware that “there are some older products that are outside our software support window.”

Many of AMD's newest processors have already received updates to remove the vulnerabilities; if you own an AMD CPU and haven't updated your BIOS in a while, it's worth checking with your motherboard manufacturer to make sure you have a fully up-to-date version.

Still, home users should not worry too much, as data center systems and machines holding very sensitive information are the likely targets.

AMD's latest Zen 5 9000 series processors, such as the Ryzen 5 9600X and Ryzen 7 9700X, are not included in the list, probably because they use the latest BIOS revision with the fix already applied. While this flaw may be difficult to exploit, it remains a rather nasty way for a system to be targeted by malicious actors, so the usual advice applies.
