New AMD “Sinkclose” Vulnerability Affects All Processors Released After 2006, Enables Data Theft
AMD begins patching issue on critical chip lines with more to follow. Researchers say it can hardly be fixed.
A recently discovered major security vulnerability that affects almost all of AMD’s processors released since 2006, named “Sinkclose”, allows attackers to deeply infiltrate a system, making the intrusion extremely difficult to detect or remove. The issue is so severe that in many cases it may be easier to write off the infected machine than to repair it.
The good news is that, since it went undiscovered for 18 years, it’s unlikely to have been used. AMD is patching its platforms to protect them, though – because of the scale of affected products – not all affected processors have received the patch yet.
The vulnerability allows bad actors to run code within the System Management Mode (SMM) of AMD processors, a highly privileged area usually used for critical firmware operations. To exploit the flaw, attackers must first gain access to a system’s kernel, which is very hard, but possible. The catch is that the system must already have been compromised by another attack.
Once access is secured by bad actors, the Sinkclose vulnerability allows the perpetrators to install bootkit malware that evades detection by standard antivirus tools, remains undetected within the system, and can even persist after a fresh installation of the operating system.
The vulnerability uses a little-known feature in AMD chips known as TClose, which is meant to ensure compatibility with older devices. By manipulating this feature, researchers were able to redirect the processor to run their own code at the SMM level. This method, although complex, provides attackers with deep and persistent control over the system.
Despite the possibility of such a high-level infiltration, AMD has said in response: “To take advantage of the vulnerability, a hacker has to already possess access to a computer’s kernel, the core of its operating system”. AMD likens the Sinkclose vulnerability to gaining access to a bank’s safe deposit boxes after already getting past its alarms, guards and vault door.
Researchers gave AMD 10 months before disclosing the vulnerability, to give AMD more time to address it. AMD has acknowledged the vulnerability and begun releasing mitigation options for affected products, including data center and Ryzen processors. AMD has not yet disclosed how the issue will be addressed.