Nearly all AMD processors released since 2006 are vulnerable to a bug. Exploitation is difficult and requires kernel access, but has a large impact. AMD will only patch supported processors, but no Epyc chip will be left out.

AMD processors are vulnerable to a bug that has existed under the radar for eighteen years, but fortunately has never been exploited. The bug has been dubbed Sinkclose and allows attackers to penetrate so deeply into an infected computer or server that even a full reset and reinstall of Windows will not solve the problem.

The bug abuses the CPU’s System Management Mode (SMM), an area that is normally inaccessible to anyone and is used exclusively to execute critical firmware code. An attacker who has already gained access to a system must then gain access to the kernel. This is no easy task, as a system’s security will do everything it can to detect and prevent this.

If the hacker manages to gain access to the kernel indirectly, he can enter the SMM and install a bootkit that is not detected by traditional antivirus programs. In fact, the malware is practically invisible and remains on the affected computer or server even after the operating system has been reinstalled.

Hardware disinfection

It is not possible to remove malware using software alone. To disinfect a system, specialists must open the device and use an external device to examine a specific part of the memory. In practice, it may certainly be more interesting to write off the computer in the case of older devices.

The researchers who discovered the problem gave AMD ten months to develop a patch. That’s exactly what the manufacturer has done: updates are available for all current platforms, including both Ryzen and Epyc. AMD provides an overview of affected systems and the firmware needed to close the leak.

No patch for all chips

The processor developer does not plan to update older chips. Ryzen 1000, 1000 and 3000 will not receive an update, as will Threadripper 1000 and 2000. Due to their age, these chips fall outside the planned support period. The processors power computers and workstations, making them less vulnerable. An attack to exploit the bug is so complex that a regular user does not have to worry.

All Epyc data center processors will receive a patch, as will all Ryzen embedded systems. After all, these chips support more critical systems that are permanently online. In any case, it is advisable to install updates from AMD as soon as possible.