A new vulnerability called “Sinkclose” has been discovered in AMD Ryzen and EPYC processors, potentially impacting millions of devices worldwide. According to a report by WIRED, the vulnerability allows attackers to run malicious code on AMD processors in “System Management Mode,” a sensitive, highly privileged CPU mode in which critical firmware code runs. To exploit this vulnerability, attackers would need to get code onto the AMD-based PC or server that grants them deep access to the machine. Once that access is gained, they can install a persistent bootkit, a type of malware undetectable by antivirus software.
Researchers Enrique Nissim and Krzysztof Okupski from security firm IOActive have detailed this vulnerability. Okupski explained to WIRED that the bootkit could be nearly undetectable and unpatchable, making it a serious threat in the hands of nation-state hackers or other persistent attackers. Removing the malware is a complex process that requires a hardware-based programming tool, an “SPI Flash” programmer, to directly access the memory chips that store the firmware. The entire contents of that memory must be meticulously scanned to remove the malware, and Nissim stated that in the worst-case scenario users may have to discard their computers altogether.
AMD has acknowledged the vulnerability, stating that exploiting Sinkclose is difficult and requires attackers to have access to the computer’s kernel, the core of the operating system. However, the vulnerability highlights the importance of maintaining strong security practices and regularly updating software to mitigate risks. This vulnerability underscores the ongoing challenges in securing modern computing devices and the need for continuous research and development of robust security solutions.