Serving tech enthusiasts for over 25 years.
TechSpot means tech analysis and advice you can trust.
What just happened? Security researchers at this year’s Def Con have presented findings regarding a long-standing albeit recently discovered vulnerability in AMD processors called “Sinkclose.” Though rather hard to exploit, the security flaw can potentially yield catastrophic results for any system unlucky enough to fall victim to it.
On Saturday, IOActive’s Principal Security Consultant Enrique Nissim and Associate Principal Security Consultant Krzysztof Okupski delivered vulnerability research in a presentation titled AMD Sinkclose: Universal Ring-2 Privilege Escalation. According to the team’s presentation, its team noticed a flaw in one of the components required to secure an execution mode known as System Management Mode. This mode provides attackers access to a highly versatile and powerful execution method. The exploit is invisible to OS-level protections such as anti-virus, anti-malware, and anti-cheat solutions commonly used in online gaming.
Exploiting the vulnerability is not easy (thankfully) and requires the attacker to gain access to the system’s kernel first. If successful, the bad actor can use Ring-0 privileges to gain Ring-2 privileges to install an undetectable bootkit. Bootkits are malware designed to target a system’s master boot record. Once installed, it cannot be easily detected or removed. In some cases, a successful attack can even persist despite a complete reinstallation of the OS. In these scenarios, an affected machine may require a complete replacement rather than typical malware removal and remediation.
Despite only being recently reported and tracked as CVE-2023-31315, the Sinkclose vulnerability appears to have been a long-standing issue that went undetected in many of AMD’s workstations and server-class CPUs for the last 18 years. According to AMD’s product security bulletin, the vulnerability impacts many processors across its data center CPUs, graphics solutions, embedded processors, desktops, HEDTs, workstations, and mobile product lines.
IOActive’s researchers disclosed the issue to AMD 10 months before its announcement, giving the chipmaker time to review and address it before going public. Team Red already issued mitigations for EPYC and Ryzen CPUs. An AMD spokesperson told Wired that additional mitigations for embedded processors and other affected products would be coming soon. However, the company didn’t provide an official timeline.
While the initial news and potential damage may sound horrific, users can rest easier knowing that the vulnerability went undetected for almost two decades, and it appears that hackers have never exploited it. Given AMD’s remediation efforts and the inherent difficulty attackers would face in obtaining kernel-level access, widespread exploitation of the vulnerability is highly unlikely.
