Jump to content

Sinkclose

From Wikipedia, the free encyclopedia
Sinkclose
CVE identifier(s)CVE-2023-31315
Date discoveredPublicly disclosed August 9, 2024; 2 months ago (2024-08-09)
Affected hardwareAMD processors since 2006

Sinkclose is a security vulnerability in certain AMD microprocessors dating back to 2006 that was made public by IOActive security researchers on August 9, 2024.[1] IOActive researchers Enrique Nissim and Krzysztof Okupski presented their findings at the 2024 DEF CON security conference in Las Vegas[2] in a talk titled "AMD Sinkclose: Universal Ring-2 Privilege Escalation".

AMD said it would patch all affected Zen-based Ryzen, Epyc and Threadripper processors but initially omitted Ryzen 3000 desktop processors. AMD followed up and said the patch would be available for them as well.[3] AMD said the patches would be released on August 20, 2024.

Mechanism

[edit]

Sinkclose affects the System Management Mode (SMM) of AMD processors. It can only be exploited by first compromising the operating system kernel.[1][2] Once the exploit is effected, it is possible to avoid detection by antivirus software and even compromise a system after the operating system has been re-installed.

References

[edit]
  1. ^ a b Anton Shilov (August 9, 2024). "AMD's 'Sinkclose' vulnerability affects hundreds of millions of processors, enables data theft — AMD begins patching issue in critical chip lines, more to follow". Tom's Hardware.
  2. ^ a b Andy Edser (August 12, 2024). "Millions of AMD CPUs found vulnerable to 18-year-old 'Sinkclose' deep-system flaw but it's pretty difficult to exploit". PC Gamer.
  3. ^ Aaron Klotz (August 19, 2024). "Ryzen 3000 fix for 'Sinkclose' vulnerability arrives tomorrow — AMD reverses course and will patch Ryzen 3000 after all". Tom's Hardware.
[edit]