Sinkclose
| CVE identifier(s) | CVE-2023-31315 |
|---|---|
| Date discovered | Publicly disclosed August 9, 2024 |
| Affected hardware | AMD processors since 2006 |
Sinkclose is a security vulnerability in certain AMD microprocessors dating back to 2006 that was made public by IOActive security researchers on August 9, 2024.[1] IOActive researchers Enrique Nissim and Krzysztof Okupski presented their findings at the 2024 DEF CON security conference in Las Vegas[2] in a talk titled "AMD Sinkclose: Universal Ring-2 Privilege Escalation".
AMD said it would patch all affected Zen-based Ryzen, Epyc and Threadripper processors but initially omitted Ryzen 3000 desktop processors. AMD followed up and said the patch would be available for them as well.[3] AMD said the patches would be released on August 20, 2024.
Mechanism
[edit]Sinkclose affects the System Management Mode (SMM) of AMD processors. It can only be exploited by first compromising the operating system kernel.[1][2] Once the exploit is effected, it is possible to avoid detection by antivirus software and even compromise a system after the operating system has been re-installed.
References
[edit]- ^ a b Anton Shilov (August 9, 2024). "AMD's 'Sinkclose' vulnerability affects hundreds of millions of processors, enables data theft — AMD begins patching issue in critical chip lines, more to follow". Tom's Hardware.
- ^ a b Andy Edser (August 12, 2024). "Millions of AMD CPUs found vulnerable to 18-year-old 'Sinkclose' deep-system flaw but it's pretty difficult to exploit". PC Gamer.
- ^ Aaron Klotz (August 19, 2024). "Ryzen 3000 fix for 'Sinkclose' vulnerability arrives tomorrow — AMD reverses course and will patch Ryzen 3000 after all". Tom's Hardware.