Ryzen ‘SinkClose’ Vulnerability: Ryzen 3000 CPU’s will get the SinkClose patch after all.
AMD reversed course and changed their mind to patch the Vulnerability.
Earning a rating of 7.5 out of 10 on the CVSS (Common Vulnerability Scoring System) severity scale
CVSS Base Score | CVSS Severity Level |
0 | None |
0.1 – 3.9 | Low |
4.0 – 6.9 | Medium |
7.0 – 8.9 | High |
9.0 – 10.0 | Critical |
The vulnerability enables malicious software or users that already have access to the operating systems kernel, (Kernel: represents the highest level of privilege in a modern general-purpose computer) to run code in SMM (System Management Mode) out of sight of the operating system and antivirus.
The main threat of SinkClose is that the malicious software would have to get access to the computer on a Kernal level first. Thereafter it can be exploited, and it would be difficult to detect and delete and can in some cases persist after an operating system reinstall.
Kernel level access is a lot scarier as they can already do a lot more damage regardless of the SinkClose vulnerability.
AMD has listed the Series that will get patched, however there are some older models that will not get the patch implemented. The most notable roll-out is for the Ryzen 3000 series, as they use the same ZEN 2 cores as AMD’s Rome generation of Epyc datacentre CPUs, however the same cannot be said for the Ryzen 1000 and 2000 series CPU’s.