Periodically, important vulnerabilities emerge in processors. Intel normally has the greatest number of these problems, because its chips are the most popular on the market and therefore the most studied.
Silicon vulnerabilities are appearing now because they were not investigated years ago. Typically, vulnerabilities were looked for at the software level, not at the hardware level. Intel’s Spectre and Meltdown showed that they also existed at the hardware level and that this posed a serious risk to the user.
AMD Will Finally Mitigate Sinkclose in the Ryzen 3000
Sinkclose is a major vulnerability that has affected all AMD processors since 2006. It takes advantage of a flaw in System Management Mode (SMM). Through this flaw, an attacker can execute code within the SMM.
Attacks on the SMM are impossible to detect using an antivirus program. Moreover, malware installed at this level through the vulnerability is very difficult to detect. It is also very difficult to remove and can even persist after a fresh installation of the operating system.
In principle, there is no need for alarm, because the vulnerability is extremely difficult to exploit. A separate exploit that provides kernel access is required before Sinkclose can be exploited. Even so, this is a very serious vulnerability, and AMD has worked to patch it as quickly as possible.
This security flaw affects any chip based on the Zen 1, Zen 2, Zen 3, and Zen 4 architectures. It does not distinguish between desktop, laptop, or server processors. The company emphasized that it will fix it for all outgoing Ryzen chips, regardless of the age of the architecture.
There was only one exception to this initial plan: the Ryzen 3000, codenamed Matisse. For some unknown reason, AMD did not include these processors in the support list for this vulnerability. Oddly enough, the Ryzen Threadripper 3000, Threadripper Pro 3000WX, EPYC Zen 2 (7002), Ryzen 3000 Mobile, and Ryzen 3000/4000 APUs were going to be patched.
It appears to have been a mistake made when publishing the list of chips that will receive the Sinkclose patch. The company released a patch for these processors. It didn’t make much sense that all Zen 2-based chips would get a mitigation except for the desktop processors, which were selling like hotcakes.
A security patch for Sinkclose will be released tomorrow. Note that, afterward, each manufacturer will have to include this microcode in the BIOS of their motherboards. This can take between one and three months. It is possible that some motherboard manufacturers will limit the update to their most recent models.