“Sinkclose”: New Flaw Affecting All AMD CPUs Dating Back to 2006 Allows Virtually Unfixable Infections

Tsing

The FPS Review
Staff member
Joined
May 6, 2019
Messages
12,143
Points
113
Sinkclose, a new flaw that is said to affect hundreds of millions of AMD chips that date back to 2006, allowing what's been described as deep and virtually unfixable infections, has been disclosed by two researchers at the DEF CON hacker conference that took place from August 8–11 last week at the Las Vegas Convention Center, according to recent reports.

See full article...
 
Just an FYI on this per TechPowerUp:

"However, to exploit this vulnerability, an attacker must possess access to system's kernel. Downloading of malware-infused files can trigger it, so general safety measures are recommended."

www.techpowerup.com

"Sinkclose" Vulnerability Affects Every AMD CPU Dating Back to 2006

A critical security flaw known as "Sinkclose" (CVE-2023-31315) has been identified in all AMD processors dating back to 2006, potentially affecting hundreds of millions of devices worldwide. This vulnerability allows malicious actors to exploit the chip architecture, leading to unauthorized...
www.techpowerup.com www.techpowerup.com
 
Yeah, I mean, you'd have to be pretty much pwned already by something else for them to be able to exploit this.

But if they do exploit it, it is tough to do much about it, except wiping the drive and starting over.

Unclear if this allows them to write to the EFI, so maybe you'd need to both wipe the drive, re-flash the firmware and then install from scratch to make sure you got rid of it completely.

Sounds like a pain in the butt.
 
Looks like most of these updates were available already in May.

I don't see this as an extreme rush, but it is probably a good idea to flash new BIOS:es to everything.
 
Dick move though. No fix planned for Ryzen 3000 or earlier. :/

www.tomshardware.com

AMD won't patch all chips affected by severe data theft vulnerability — older Ryzen models will not get patched for 'Sinkclose' [Updated]

AMD says some chips fall outside of the software support window.
www.tomshardware.com www.tomshardware.com

If this had happened after the Windows 10 EOL, I could see them justifying not patching anything that doesn't officially support Windows 11. I would still be annoyed by that decision, but I could see them making that argument.

But as it is, everything that is capable of running Windows 10 should be patched.
 
Last edited:
Yeah every time there is an esxi vulnerability my mgmt goes bonkers..... I'm like, calm down people, if bots\peeps are getting direct access to our esxi hosts we have bigger problems. None of that stuff can be accessed externally without jumping through 4 layers of BS
 
Zarathustra said:
Dick move though. No fix planned for Ryzen 3000 or earlier. :/

www.tomshardware.com

AMD won't patch all chips affected by severe data theft vulnerability — older Ryzen models will not get patched for 'Sinkclose' [Updated]

AMD says some chips fall outside of the software support window.
www.tomshardware.com www.tomshardware.com

If this had happened after the Windows 10 EOL, I could see them justifying not patching anything that doesn't officially support Windows 11. I would still be annoyed by that decision, but I could see them making that argument.

But as it is, everything that is capable of running Windows 10 should be patched.
Click to expand...
The 3000 series does support W11, even some 2000 series are listed as supported.
 
So wait... How... What I mean is . If my motherboard supports all am4 cpu's how do I apply the updated bios but not get the fix? Does the updated bios drop support for older professors from the mobo? Or is the microcode paths simple separate?
 
Apparently they ahve backtracked a little and will be providing a fix for 3000 series after all. 1000 and 2000 series are still out of luck I think.
 
Grimlakin said:
So wait... How... What I mean is . If my motherboard supports all am4 cpu's how do I apply the updated bios but not get the fix? Does the updated bios drop support for older professors from the mobo? Or is the microcode paths simple separate?
Click to expand...

The fix is in the microcode. The microcode is specific per CPU. The BIOS includes the microcode for each supported CPU, but if AMD only updates it for specific models, if you aren't running one of those models, then it won't get the fix.

At least that is my understanding, though I have to admit I am not super well read on microcode and how it works.
 
You must log in or register to reply here.
Become a Patron!
Back
Top