A new security flaw, dubbed ‘Sinkclose’, has been discovered to affect millions of AMD processors, including the popular Ryzen desktop CPU range. This vulnerability gives unauthorized users access to the system and the ability to run malicious code virtually undetected. Although the vulnerability requires access to the system kernel, making it technically sophisticated to exploit, it poses a significant security threat. Millions of AMD Ryzen and EPYC processors are exposed to this vulnerability.
Since the discovery, AMD has been quick to respond, releasing firmware updates for a range of affected CPUs. However, AMD has stated that older Ryzen 1000, 2000, and 3000 Series CPUs, as well as Threadripper 1000 and 2000 Series CPUs, will not be receiving these updates. AMD has justified this decision by stating that these older CPUs are outside their software support window.
The lack of updates for older CPUs leaves them vulnerable to the ‘Sinkclose’ exploit. This vulnerability is particularly concerning because it is embedded within the CPU itself, meaning even a complete system wipe or drive replacement won’t remove it.
While AMD’s latest Ryzen 9000 Series and Ryzen AI 300 Series are not listed on the AMD Security Bulletin as requiring updates, it remains unclear whether these latest models are also vulnerable. Users with affected AMD processors are advised to stay informed about potential mitigation measures and update their systems whenever possible.
