A recently discovered security vulnerability named “Sinkclose” is causing concern. Millions of systems with AMD Ryzen and EPYC processors are potentially affected.
“Sinkclose” is a vulnerability that allows attackers to execute malicious code on AMD processors when they are in the so-called “System Management Mode”. This mode is particularly sensitive as it contains important firmware files for system operation. The security flaw was discovered by researchers from the company IOActive and publicly disclosed at the Defcon hacker conference.
The vulnerability exploits a function in AMD chips known as TClose, which is intended to maintain compatibility with older devices. By manipulating this function, the researchers were able to redirect the processor to execute their own code at the SMM level. This method is complex but allows attackers deep and persistent control over the system. Particularly concerning is the fact that the vulnerability may have existed for over a decade. However, to exploit the security flaw, attackers need deep access to an AMD-based system.
AMD has confirmed the existence of the vulnerability and responded promptly. The company has published a security bulletin, provided firmware and microcode updates, and developed countermeasures. However, not all processors will receive an update. According to AMD, some older models will remain without a patch. Affected are the Ryzen 1000, 2000, and 3000 series, as well as Threadripper 1000 and 2000. A spokesperson explained that these products are outside the current software support period.