A long-standing security flaw in AMD CPUs known as Sinkclose may render affected computers essentially unfixable.
Enrique Nissim and Krzysztof Okupski, security professionals at IOActive, revealed the vulnerability to Wired before to the Defcon hacking convention.
The method takes advantage of a TClose feature that keeps older devices’ system management memory compatible. By tricking the memory code into obtaining compromised data through the use of Close, an attacker can execute malicious code with the same high privileges as the management memory.
According to Okupski, sinkclose is “nearly undetectable and nearly unpatchable” in addition to being deeply ingrained in AMD CPUs. Using an SPI Flash programmer to directly connect the memory chips and erase the memory is the only way to solve the problem. You might have to get rid of the computer if that isn’t an option. Erasing storage is ineffective.
Casual breaches are improbable since an attacker would need to gain access to the kernel, the lowest-level code of an operating system, in order to infect a PC in this manner. However, kernel-level vulnerabilities are not uncommon, and state-sponsored hackers are more likely to possess the knowledge and resources required to reach that depth. In theory, they may install spyware that even professionals miss.
In a statement to Wired, AMD acknowledged Sinkclose and reaffirmed the difficulties in implementing it. The company also stated that similar safeguards for embedded chips would be available “soon.” It now offers “mitigation options” for Ryzen and Epyc CPUs. A large portion of AMD’s recent chip range is included in the list of impacted chips.
AMD may or may not decide to fully disable the Sinkclose exploit. Nissim and Okupski are urging system patching since they are concerned that hackers may find the problem on their own. IOActive researchers have agreed to postpone sharing example code for a few months in order to allow for remedies.
