A Critical Security Flaw: ‘SinkClose’
A serious security flaw, identified as ‘SinkClose’ (CVE-2023-31315), has been discovered in all AMD processors manufactured since 2006. The vulnerability, which could potentially affect hundreds of millions of devices globally, enables malicious actors to exploit the chip architecture, leading to unauthorized access to sensitive data. This issue was revealed by security researchers Enrique Nissim and Krzysztof Okupski from the firm IOActive.
How the ‘SinkClose’ Exploit Works
The ‘SinkClose’ vulnerability exploits a lesser-known capability in AMD processors called TClose, combining principles from a similar vulnerability (Sinkhole) discovered in Intel’s System Management Mode (SMM) in 2015. This critical flaw allows attackers to manipulate the TClose functionality, which remaps memory for backward compatibility with older hardware. Through this manipulation, attackers can deceive SMM into fetching altered data, thus achieving high-level privileges and executing malicious code.
Implications and Mitigation Efforts
The implications of this vulnerability are significant, as it allows attackers to bypass standard security measures and gain control over the system at a privileged level. To exploit this, attackers must have access to the system’s kernel, often through malware-infected files. Researchers have advised implementing general safety measures as a precaution.
A Response from AMD
AMD has responded by initiating a patching process to mitigate the risks associated with the ‘SinkClose’ flaw. Collaborating with hardware and software partners, AMD aims to ensure that updates are promptly and effectively deployed. Researchers Enrique Nissim and Krzysztof Okupski have withheld any proof-of-concept code to prevent exploitation during the patch rollout.
AMD has already issued patches for most critical chip lines. Enterprise EPYC CPUs and Instinct accelerators received updates in May, while consumer desktop and laptop series (4000/5000/7000/8000) were patched in August. Unfortunately, no fixes are planned for the Ryzen 3000 series CPUs. For specific mitigation firmware updates, users should check AMD’s official website.