Security researchers have found a vulnerability in AMD processors that has persisted for decades, . This is a fascinating security flaw because it was found in the firmware of the actual chips and potentially allows malware to deeply infect a computer’s memory.
The flaw was discovered by , who are calling the AMD-based vulnerability a “Sinkclose” flaw. This potentially allows hackers to run their own code in the most privileged mode of an AMD processor, System Management Mode. This is typically a protected portion of the firmware. The researchers have also noted that the flaw dates back to at least 2006 and that it impacts nearly every AMD chip.
“Researchers warn that a bug in AMD’s chips would allow attackers to root into some of the most privileged portions of a computer…” New piece from @WIRED featuring research from IOActive Principal Security Consultants, Enrique Nissim & Krzysztof Okupski. https://t.co/UuvzC2qyGI
— IOActive, Inc (@IOActive) August 9, 2024
That’s the bad news. Now onto some better news. Despite being potentially catastrophic, this issue is unlikely to impact regular people. That’s because in order to make full use of the flaw, hackers would already need deep access to an AMD-based PC or server. That’s a lot of work for a random home PC, phew, but could spell trouble for corporations or other large entities.
This is particularly worrisome for . In theory, malicious code could burrow itself so deep within the firmware that it would be almost impossible to find. As a matter of fact, the researchers say that the code would likely survive a complete reinstallation of the operating system. The best option for infected computers would be a one-way ticket to the trash heap.
“Imagine nation-state hackers or whoever wants to persist on your system. Even if you wipe your drive clean, it’s still going to be there,” says Krzysztof Okupski from IOActive. “It’s going to be nearly undetectable and nearly unpatchable.”
Once successfully implemented, hackers would have full access to both surveil activity and tamper with the infected machine. AMD has acknowledged the issue and says that it has “released mitigation options” for data center products and Ryzen PC products “with mitigations for AMD embedded products coming soon.” The company has also published a .
AMD has also emphasized just how difficult it would be to take advantage of this exploit. It compares using the Sinkclose flaw to accessing a bank’s safe-deposit boxes after already bypassing alarms, guards, vault doors and other security measures. IOActive, however, says that kernel exploits — the equivalent of plans to get to those metaphorical safe-deposit boxes — exist readily in the wild. “People have kernel exploits right now for all these systems,” the organization told Wired. “They exist and they’re available for attackers.”
IOActive has agreed to not publish any proof-of-concept code as AMD gets to work on patches. The researchers have warned that speed is of the essence, saying “if the foundation is broken, then the security for the whole system is broken.”
