Security researchers have discovered a decades-old vulnerability in AMD processors. . It’s a fascinating security flaw because it’s found in the software of the actual chips, potentially allowing malware to deeply infect a computer’s memory.
Detected by a defect they call the AMD-based vulnerability the “Sinkclose” flaw. This potentially allows hackers to run their code in System Administration Mode, the AMD processor’s most privileged mode. This is usually a protected part of the firmware. The researchers also noted that the flaw dates back to at least 2006 and affects nearly every AMD chip.
“A bug in AMD chips could allow attackers to gain access to the most privileged parts of a computer, researchers warn…” @NIMLI IOActive Principal Security Consultants features research by Enrique Nissim and Krzysztof Okupski. https://t.co/UuvzC2qyGI
— IOActive, Inc (@IOActive) August 9, 2024
Here’s the bad news. Now on to the better news. Although potentially catastrophic, this problem may not affect ordinary people. This is because hackers already need deep access to an AMD-based computer or server to fully exploit the flaw. That’s a lot of work for a casual home computer, but it can be a problem for corporations or other large organizations.
This is particularly disturbing . In theory, malicious code could embed itself so deeply into the firmware that it would be nearly impossible to find. In fact, the researchers say that the code will survive a complete rebuild of the operating system. The best option for infected computers would be a one-way ticket to the trash.
“Imagine nation state hackers or whoever wants to insist on your system. Even if you clean up your drive, it will still be there,” says Krzysztof Okupski of IOActive. “It’s almost undetectable and almost unfixable.”
Once successfully implemented, hackers will have full access to both surveillance activity and tampering with the infected machine. AMD has acknowledged the problem and said it has released “mitigation options” for its data center products and Ryzen PC products, with “mitigations for AMD’s embedded products” coming soon. The company also published a .
AMD also emphasized how difficult it is to exploit this exploit. He compares exploiting the Sinkclose flaw to breaking into bank vaults after bypassing alarms, guards, vault doors and other security measures. However, IOActive says that nuclear exploits—the equivalent of blueprints to get to these metaphorical safe boxes—are readily available in the wild. “People now have kernel exploits for all these systems,” the organization told Wired. “They exist and are accessible to attackers.”
IOActive has agreed not to publish any proof code as AMD begins working on patches. Speed is of the essence, the researchers warned, saying that “if the foundation is broken, the security of the entire system is compromised.”
