Critical vulnerability found in AMD Ryzen and Epyc processors

IT security specialists Enrique Nissim and Krzysztof Okupski from IOActive have discovered a critical vulnerability in AMD Ryzen and Epyc processors. The "Sinkclose" vulnerability is present in millions of computers worldwide. Unfortunately, there is no simple way to fix it. In the worst-case scenario, the only solution may be to dispose of the computer.

Paweł Maziarz

11 August 2024 19:38

Security vulnerabilities can occur both in software and in computer components such as processors and memory chips. The threat is significant because such flaws can lead to system infection and the theft of confidential information.

This can also be the case with the new vulnerability discovered by Enrique Nissim and Krzysztof Okupski from IOActive. Details of this threat were revealed at the Defcon conference. According to the researchers, the vulnerability is present in practically all AMD processors released since 2006 and possibly even in older models. Unofficially, it is said that the problem affects millions of computers, servers, and embedded systems.

Serious security vulnerability in AMD processors

Wired reports that the vulnerability allows cybercriminals to run their own code in System Management Mode (SMM), a highly privileged processor mode usually reserved for critical firmware operations.

Thanks to the vulnerability, cybercriminals can install bootkit-type malware that is potentially invisible to the operating system. This gives the attacker the ability to manipulate the machine and monitor its activity. Moreover, such malware can survive even after the operating system is reinstalled.

However, attackers must gain access to the system kernel to exploit the vulnerability. This is not easy, but experienced hackers may have the tools to carry it out.

Okupski explains how serious the consequences could be: "Imagine hackers from nation-states or anyone who wants to persist in our system. It will remain there even if you clean your hard drive completely." He adds that such software "will be almost undetectable and nearly impossible to remove."

Fixing the vulnerability will be difficult

To remove the malware, it is necessary to open the computer, connect to a specific part of its memory using an SPI Flash programmer, thoroughly check the memory, and then remove the detected software. This is not an easy task. Nissim explains the worst-case scenario more bluntly: "Essentially, you have to throw away your computer."

The researchers waited 10 months before disclosing the vulnerability to give AMD more time to fix it. The manufacturer confirmed the vulnerability's existence and began releasing patches to mitigate its effects. Patches for some devices have already been released, and more are expected soon. However, AMD has not yet disclosed how it plans to address the vulnerability in all affected processors.

Although there is no official information about the exploitation of the Sinkclose vulnerability, experienced state-sponsored hackers may already have the means to use it to attack computers. Researchers warn that the vulnerability poses a serious threat, and users should not delay implementing the available patches.
