Critical vulnerability found in AMD Ryzen and Epyc processors
11 August 2024 19:38
IT security specialists Enrique Nissim and Krzysztof Okupski from IOActive have discovered a critical vulnerability in AMD Ryzen and Epyc processors. The "Sinkclose" vulnerability is present in millions of computers worldwide. Unfortunately, there is no simple way to fix it. In the worst-case scenario, the only solution may be to dispose of the computer.
Security vulnerabilities can occur in software and computer components, such as processors and memory chips. The threat is significant because it can risk system infection and the takeover of confidential information.
This can also be the case with the new vulnerability discovered by Enrique Nissim and Krzysztof Okupski from IOActive. Details of this threat were revealed at the Defcon conference. According to the researchers, the vulnerability is present in practically all AMD processors released since 2006 and possibly even in older models. Unofficially, it is said that the problem affects millions of computers, servers, and embedded systems.
Serious security vulnerability in AMD processors
Wired reports that the vulnerability allows cybercriminals to run their own code in System Management Mode (SMM), a highly privileged area of processors usually reserved for critical firmware operations.
Thanks to the vulnerability, cybercriminals can install bootkit-type malware that is potentially invisible to the operating system. This gives the hacker access to manipulate the machine and monitor its activity. Moreover, such malware can survive even after the operating system is reinstalled.
However, attackers must gain access to the system kernel to exploit the vulnerability. This is not easy, but experienced hackers may have the tools to carry it out.
Okupski explains how serious the consequences could be: "Imagine hackers from nation-states or anyone who wants to persist in our system. It will remain there even if you clean your hard drive completely." He adds that such software "will be almost undetectable and nearly impossible to remove."
Fixing the vulnerability will be difficult
To remove the malware, it is necessary to open the computer, connect to a specific part of its memory using an SPI Flash programmer, thoroughly check the memory, and then remove the detected software. This is not an easy task. Nissim explains the worst-case scenario more bluntly: "Essentially, you have to throw away your computer."
The researchers waited 10 months before disclosing the vulnerability to give AMD more time to fix it. The manufacturer confirmed the vulnerability's existence and began releasing patches to mitigate its effects. Patches for some devices have already been released, and more are expected soon. However, AMD has not yet disclosed how it plans to address the vulnerability in all affected processors.
Although there is no official information about the exploitation of the Sinkclose vulnerability, experienced state-sponsored hackers may already have the means to use it to attack computers. Researchers warn that the vulnerability poses a serious threat, and users should not delay implementing the available patches.