A new security flaw discovered in AMD processors going back to 2006 leave them exposed to pre-boot code attacks.
It seems like every month or so we hear about a new security flaw affecting tons of consumer-grade CPUs. Perhaps that shouldn’t be surprising, though, since the complexities of modern processors and the PCs around them have grown to truly labyrinthian degrees.
But the latest issue affecting AMD processors is pretty big — so big, in fact, that it extends back through generations of CPUs, some of which are long out of support and may never be fixed.
The “Sinkclose” flaw allows an infected PC to run unchecked code on an AMD Ryzen processor in System Management Mode, bypassing checks in Windows and even most BIOS and UEFI setups. The issue was discovered by researchers from IOActive and shown off at Defcon.
Once compromised, these systems can be infected with bootkits that run circles around conventional security tools, including antivirus suites and Windows’ own built-in defenses. It could even be able to remain on a PC after a completely fresh operating system install.
Researcher Enrique Nissim described the deeply technical process required to physically scour the PC’s memory of the infection, then summed it up with: “You basically have to throw your computer away.”
AMD says that it had been alerted to the security flaw and has already “released mitigation options” for Ryzen-based PCs and industrial data center machines, and that embedded AMD hardware (like the APUs in game consoles) will be updated soon.
AMD’s full list of products affected by the Sinkclose vulnerability includes chips as old as the Ryzen 3000 series from 2019. All of these will be updated to close the vulnerability.
But that list is at odds with the report issued to Wired, which says the vulnerability exists in chips going all the way back to 2006. The majority of those are, obviously, far beyond their last official updates — and to be fair, most of them probably aren’t currently active. But that’s such a huge number of machines, both personal and industrial, that hundreds of thousands of them are inevitably still in operation and possibly even running crucial infrastructure.
The good news is that this isn’t an easy vulnerability to exploit, at least as far as we know right now because the researchers are giving AMD time to issue patches before they fully explain it. But for it to be exploited, a program would need kernel-level access to a system in order to inject the code into the pre-OS boot sequence. (The researchers say that Microsoft and its OEM partners should be sending out updates that patch the vulnerability on current systems before too long.)
The bad news is that kernel-level vulnerabilities, while technically complex and often patched by Microsoft or other companies, are fairly common. They’re exactly the kind of vulnerabilities that state-level teams of hackers and industrial espionage agents look for, because they’re so powerful and can be exploited on so many systems.