Vulnerabilities appearing in core processors are not a big problem because people with malicious intent try in every way to get a background, be it through a bug that is present in the computer code or through some disclosure that hackers take advantage of and then try. steal your data. However, the new Sinkclose vulnerability is said to have been present in AMD processors for more than a decade, and it seems that it will be made public at the Defcon hacker conference by the people at security company IOActive.
According to a WIRED report, the Sinkclose vulnerability allows attackers to run their malicious code on AMD processors while in “system management mode,” which is a secret mode in which files critical firmware to work.
However, to inject a piece of code, hackers need “deep access to an AMD-based PC or server.” To gain control of your systems, attackers can use malware called a bootkit, which is undetectable with antivirus software and put the security of your systems at risk.
Think about national hackers or anyone else who wants to stay on your system. Even if you erase the disc, it will still be there. It will be almost undetectable and almost impossible to fix. – Krzysztof Okupski, WIRED
To alleviate the problem, users have to physically open the computer and install a hardware-based software tool called SPI Flash programmer, which makes the problem a bit difficult for the user. average. Fortunately, AMD acknowledged the vulnerability and thanked the researchers for closing Sink to the public.
In response, the company has published a new security bulletin addressing the vulnerability, as well as an extensive list of affected processors, which includes Ryzen 3000 processors and above , as well as 1st generation EPYC server processors and above. AMD also offers firmware and microcode solutions to reduce the impact across different processor generations. Discounts are available for all Ryzen and EPYC families, except for the old Ryzen 3000 desktop family based on the Zen 2 core architecture.
So, it’s safe to say that AMD has identified the underlying problem. However, there is still a lot to be done, especially in terms of reducing vulnerabilities, possibly through a BIOS update. For the average user there is nothing to worry about at the moment and we will update you as soon as AMD releases a new BIOS update to cover all aspects.