#CoSoSec

Hundreds of millions of AMD CPUs are facing a new vulnerability called Sinkhole. The exploit, which was first reported by Wired, impacts processors dating back to 2006

https://www.wired.com/story/amd-chip-sinkclose-flaw/

Despite Sinkhole hitting some of AMD’s best processors, only the most recent batch of chips will receive a patch

AMD isn’t patching Ryzen 1000, 2000, or 3000 processors, nor is it patching Threadripper 1000 and 2000 CPUs, reports Tom’s Hardware.

https://www.tomshardware.com/pc-components/cpus/amd-wont-patch-all-chips-affected-by-severe-data-theft-vulnerability-ryzen-1000-2000-and-3000-will-not-get-patched-among-others

Make no mistake, Sinkhole is a major security flaw. However, it’s not an exploit the vast majority of users need to worry about.

Sinkhole, which was discovered by researchers at IOActive, allows attackers to run code in System Management Mode.

DEF CON Official Talk | AMD Sinkclose: Universal Ring-2 Privilege Escalation | Las Vegas, NV

https://ioactive.com/event/def-con-talk-amd-sinkclose-universal-ring-2-privilege-escalation/

This operating mode allows close access to the hardware, and it’s where you’ll find firmware running for power management settings, for example

With such deep access, Wired reports that the malware can dig down so deep that it’s easier to discard an infected computer rather than repair it.