BTN News: Cybersecurity researchers have uncovered a critical vulnerability affecting millions of AMD CPUs, which could allow cybercriminals to execute malware at a level deeper than the system’s core (Ring 0), making detection and removal extremely challenging. Known as Sinkclose (CVE-2023-31315), this flaw has remained hidden for an astonishing 18 years, impacting AMD processors released since 2006. This discovery has sent shockwaves through the cybersecurity community due to the severe implications of such a deep-rooted vulnerability.
Sinkclose enables attackers to reach System Management Mode (SMM), a processor mode that sits below the kernel and is often described as Ring -2. Malware running at this level is invisible to antivirus tools, which operate above it, and gives attackers control that is very difficult to detect. Given that it sits in one of the most privileged parts of the processor, it is no surprise that this vulnerability eluded detection for nearly two decades.
According to experts from IOActive, the cybersecurity firm that brought this vulnerability to light, the potential for harm is immense. Enrique Nissim and Krzysztof Okupski, the researchers who uncovered Sinkclose, shared their findings with Wired, highlighting how hard it is to remove malware planted through this flaw. “In many cases, it’s easier to discard the affected machine than to attempt cleaning it,” they noted, underscoring the gravity of the situation.
The risks posed by this vulnerability are vast. Attackers could use it to deploy bootkits, a particularly insidious form of malware that replaces the operating system’s bootloader. Once in place, this malware can evade detection by traditional security tools, allowing cybercriminals to gain complete control over the infected system. The fact that such malware can operate undetected at the lowest levels of a computer’s architecture makes it particularly dangerous.
AMD has acknowledged the vulnerability and has begun rolling out mitigation measures for some of its products, specifically its AMD Epyc processors and its AMD Ryzen processors for PCs. Updates are expected to follow for chips embedded in industrial devices and vehicles. The company has released a comprehensive list of affected products on its website, which includes the Ryzen 4000 (Renoir), Ryzen 5000 (Vermeer/Cezanne), and Athlon 300 (Dali/Pollock) families of chips.
However, not all processors are covered by these updates. According to Tom’s Hardware, some popular consumer processors, such as the Ryzen 3000, Ryzen 9000, and the Ryzen AI 300 series, are notably absent from the list of products receiving security patches. This omission has raised concerns among users who rely on these chips for everyday computing, as they remain vulnerable to potential exploitation.
Despite the seriousness of the Sinkclose vulnerability, AMD emphasized that its exploitation is not straightforward. To exploit this flaw, an attacker would already need access to the computer’s kernel (Ring 0), which adds a layer of difficulty to potential attacks. Nevertheless, the cybersecurity community remains on high alert as researchers continue to monitor the situation closely.
Experts expect that patches addressing Sinkclose will be included in future Microsoft updates, while solutions for Linux systems will be implemented gradually. As the industry grapples with the implications of this discovery, users are urged to stay vigilant and ensure their systems are up to date with the latest security measures.
In conclusion, the revelation of the Sinkclose vulnerability serves as a stark reminder of the ongoing challenges in cybersecurity. As technology continues to evolve, so too do the threats that come with it. The discovery of such a deep-seated flaw in AMD processors is a sobering reminder that even the most sophisticated systems are not immune to exploitation. Users and organizations must remain proactive in protecting their systems, staying informed about the latest threats, and applying security patches as soon as they become available.