
Sinkclose Vulnerability Affects Hundreds of Millions of AMD Processors, Enables Data Theft & AMD Begins Patching


A newly disclosed security flaw known as ‘Sinkclose’ affects nearly all AMD processors released since 2006. It lets an attacker who already controls the operating system reach a deeper level of the machine, where malicious code is very hard to detect or remove.

The flaw went unnoticed for 18 years, which suggests it may not have been exploited in the wild, but it remains a serious issue. AMD is working on patches, though not every affected processor has received one yet.

Sinkclose Evades Antiviruses and Persists Even After OS Reinstall

Sinkclose gives attackers a way to run malicious code in System Management Mode (SMM), a highly privileged processor mode reserved for firmware tasks that operates beneath the operating system.

Exploiting it requires kernel-level access first, so the system must already be compromised before Sinkclose comes into play.

With kernel access, an attacker can use the flaw to install bootkit malware. Because it runs below the operating system, it evades conventional antivirus tools and is nearly invisible; even reinstalling the operating system will not remove it.

The vulnerability abuses an obscure feature of AMD chips called TClose, which exists to preserve compatibility with older devices. By manipulating TClose, attackers can make the processor execute their code at the SMM level, giving them deep and lasting control over the system.

The vulnerability was discovered by IOActive security researchers Enrique Nissim and Krzysztof Okupski, who are scheduled to present their findings at the Defcon conference.

According to AMD, fully exploiting this vulnerability requires kernel-level access, which is like getting past all the security layers in a bank before reaching the safe deposit box.

Although kernel access is a high bar, both Windows and Linux regularly see vulnerabilities at that level, and Nissim and Okupski believe skilled attackers, especially state-backed ones, already have the tools needed to exploit them.

Removing Sinkclose malware from a compromised machine means opening the computer, attaching an SPI flash programmer to the chip that stores the firmware, and inspecting and cleaning its contents by hand.

Impacts a Wide Range of AMD CPUs

The Sinkclose flaw affects a broad spectrum of AMD processors used in various systems, including personal computers, servers, and embedded devices.

The flaw is particularly serious on recent Zen-based processors if the manufacturer has not properly configured Secure Boot, because malware hidden in AMD’s protected SMM region then becomes even harder to detect.

The researchers reported the issue to AMD 10 months before disclosing it, giving the company time to work on fixes.

AMD has identified the problem and started releasing fixes for affected products like EPYC datacenter and Ryzen PC processors.

While some patches are available, more are on the way.

Details on how AMD plans to address all impacted devices remain unclear.

Experts stress the risk this vulnerability poses and the urgency of applying the available fixes quickly.

Nissim and Okupski warn that, even though exploitation is complex, advanced and possibly state-backed attackers may already be capable of it, so users should update their systems as soon as patches are released for their hardware.
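The first operational step toward applying those patches is knowing which hosts carry AMD silicon and which firmware and microcode they currently run. The script below is an added example (the editor's, not code from IOActive, AMD or this article) that gathers that inventory from a Linux host: vendor, family and model from /proc/cpuinfo, the running microcode revision, and the BIOS version and date from sysfs DMI, then emits a one-line triage verdict to compare against AMD's and your OEM's firmware guidance. The sample /proc/cpuinfo and DMI values are constructed, and the family-to-Zen-generation mapping is the editor's assumption rather than something the article states.

```python
"""Fleet triage helper for the Sinkclose advisory (added example, not
IOActive's or AMD's code). It collects the facts an administrator needs to
compare a Linux host against the vendor's firmware guidance: CPU vendor and
family/model from /proc/cpuinfo, the running microcode revision, and the
BIOS version and date from sysfs DMI. Sample inputs below are constructed."""
import os

# Constructed first-processor entries; values are illustrative only.
SAMPLE_CPUINFO = (
    "processor\t: 0\n"
    "vendor_id\t: AuthenticAMD\n"
    "cpu family\t: 25\n"
    "model\t\t: 33\n"
    "model name\t: AMD Ryzen 9 5950X 16-Core Processor\n"
    "stepping\t: 0\n"
    "microcode\t: 0xa201016\n"
    "flags\t\t: fpu vme de pse tsc msr\n"
    "\n"
    "processor\t: 1\n"
    "vendor_id\t: AuthenticAMD\n"
)
SAMPLE_DMI = {"bios_vendor": "ExampleBIOS", "bios_version": "1.23",
              "bios_date": "03/15/2024"}

# Family numbers as Linux reports them (base and extended family already
# combined). Assumption: this mapping is the editor's, not from the article.
ZEN_FAMILIES = {23: "Zen/Zen+/Zen2", 25: "Zen3/Zen4", 26: "Zen5"}

# /proc/cpuinfo key -> (record field, converter)
FIELDS = {"vendor_id": ("vendor", str), "cpu family": ("family", int),
          "model": ("model", int), "model name": ("model_name", str),
          "stepping": ("stepping", int),
          "microcode": ("microcode", lambda v: int(v, 16))}


def parse_cpuinfo(text):
    """Parse only the first processor block (blocks are blank-line separated)."""
    first = text.split("\n\n", 1)[0]
    info = {}
    for line in first.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key = key.strip()
        if key in FIELDS:
            name, conv = FIELDS[key]
            info[name] = conv(value.strip())
    return info


def read_dmi(sysfs_dir="/sys/class/dmi/id"):
    """Read BIOS identity from sysfs; missing files (e.g. in a VM) become None."""
    out = {}
    for key in ("bios_vendor", "bios_version", "bios_date"):
        try:
            with open(os.path.join(sysfs_dir, key)) as fh:
                out[key] = fh.read().strip()
        except OSError:
            out[key] = None
    return out


def build_record(cpu, dmi):
    """Merge CPU and DMI facts into one inventory record."""
    rec = dict(cpu)
    rec["zen"] = ZEN_FAMILIES.get(cpu.get("family"), "pre-Zen or unknown")
    for key in ("bios_vendor", "bios_version", "bios_date"):
        rec[key] = dmi.get(key)
    return rec


def triage(rec):
    """One-line verdict: non-AMD hosts are out of scope, AMD hosts need a
    firmware comparison against the vendor advisory before being called fixed."""
    if rec.get("vendor") != "AuthenticAMD":
        return "out-of-scope: not an AMD processor"
    ucode = rec.get("microcode")
    ucode_s = f"0x{ucode:x}" if ucode is not None else "unknown"
    return (f"amd-review: family {rec.get('family')} model {rec.get('model')} "
            f"({rec['zen']}), microcode {ucode_s}, BIOS {rec.get('bios_version')} "
            f"dated {rec.get('bios_date')}; compare with the vendor's fixed "
            "firmware version before considering this host patched")


if __name__ == "__main__":
    try:
        with open("/proc/cpuinfo") as fh:
            cpu = parse_cpuinfo(fh.read())
        dmi = read_dmi()
    except OSError:  # not on Linux: fall back to the constructed sample
        cpu, dmi = parse_cpuinfo(SAMPLE_CPUINFO), SAMPLE_DMI
    print(triage(build_record(cpu, dmi)))
```

Run it under a configuration-management tool or over SSH across the fleet and collect the lines; the microcode revision and BIOS version are what you then compare against the fixed firmware levels your board or server vendor publishes, since a host is not protected merely because AMD has released a fix.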

Featured Image Credit: Mojahid_Mottakin, Depositphotos.com