AMD Issues Alert On Major Vulnerability Found in Multiple CPUs

Zinger Key Points
  • AMD warns of critical "SinkClose" vulnerability affecting multiple CPU generations, risking undetectable malware installation.
  • The "SinkClose" flaw impacts AMD's EPYC, Ryzen, and Threadripper processors, bypassing security and persisting through reinstalls.

Advanced Micro Devices Inc AMD has warned about a critical vulnerability named “SinkClose,” which affects multiple generations of its EPYC, Ryzen, and Threadripper processors.

What Happened? The flaw allows attackers with Kernel-level (Ring 0) privileges to escalate to Ring -2 privileges, high-level access associated with System Management Mode (SMM), where they can install virtually undetectable malware, Bleeping Computer reports.

IOActive researchers Enrique Nissim and Krzysztof Okupski discovered that the flaw allows attackers to alter SMM settings even when security measures like SMM Lock are enabled.

The researchers will present their findings at the upcoming DefCon event, shedding light on a flaw that has remained undetected for nearly two decades and impacts a broad range of AMD chip models.

Why Is It Important? This flaw allows malicious code to deeply embed itself within the firmware, making it nearly impossible to detect or remove.

Alarmingly, the vulnerability could persist even after a complete reinstallation of the operating system.

The vulnerability affects various AMD processors, including EPYC (1st to 4th generations), Ryzen Embedded series, Ryzen (3000, 5000, 4000, 7000, and 8000 series), Ryzen Mobile series, Threadripper series, and Athlon Mobile 3000 series, among others.

AMD has already rolled out mitigations for EPYC and Ryzen desktop and mobile CPUs, with additional fixes for embedded CPUs expected soon.

AMD plans to release a fix for its 5000 and 7000 series processors, but users of the 3000 series desktop processors need more time. Despite these relatively recent CPUs being released in late 2019 and 2020, the company has decided not to issue a patch for them.

Rosenblatt analyst Hans Mosesmann maintained a Sell rating on Intel Corp INTC  as AMD continues to gain share on EPYC4 and newer EPYC5 road maps.

AMD stock lost 24% in the last 30 days amid a broader sector selloff. The stock is still up over 225 in the last 12 months. Investors can gain exposure to the stock through SPDR S&P 500 ETF Trust SPY and iShares Core S&P 500 ETF IVV.

Price Actions: AMD shares were trading higher by 2.64% at $140.36 at the last check Tuesday.

Disclaimer: This content was partially produced with the help of AI tools and was reviewed and published by Benzinga editors.

Photo via Shutterstock

Market News and Data brought to you by Benzinga APIs
Comments
Loading...
Posted In:
Benzinga simplifies the market for smarter investing

Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.

Join Now: Free!