AMD has patched the newly disclosed SinkClose CPU vulnerability


Security researchers have highlighted a new vulnerability in AMD CPUs, ‘SinkClose’, that allows the execution of malicious code once exploited. While AMD is addressing the vulnerability, it clarifies that it typically impacts “highly compromised systems.”

SinkClose Vulnerability Threatens AMD CPUs

Researchers from IOActive discovered a new security flaw affecting AMD processors. They recently shared the details at Defcon 2024, explaining how the vulnerability, called ‘SinkClose’, puts AMD CPUs at risk of code execution attacks. The vulnerability mainly affects the System Management Mode (SMM) of the AMD chips.

Simply put, SMM is an isolated mode of operation in the x86 architecture that the BIOS or firmware uses to perform low-level, system-wide operations such as power management and hardware control. Because SMM remains inaccessible to the operating system and system applications, code running at this level remains invisible to hypervisor-level and operating-system-level security.

The privilege escalation vulnerability that IOActive researchers discovered in AMD CPUs could allow an adversary to bypass secure boot and change SMM settings to deploy virtually undetectable malware on the target systems.

To exploit the flaw, an adversary must already have kernel-level access (Ring 0), which the flaw lets them escalate to Ring -2 privileges. This allows the attacker to modify SMM, which remains invisible to the system’s antivirus programs. Thus, malware deployed in this way persists even after the system disk has been wiped clean.

This vulnerability has received the CVE ID CVE-2023-31315 and a high severity rating with a CVSS score of 7.5. The vulnerability description states:

Improper validation in a model-specific register (MSR) could allow a malicious program with ring0 access to modify the SMM configuration while SMI locking is enabled, potentially leading to arbitrary code execution.

AMD has released the patch

In response to the IOActive researchers’ findings, AMD has released a detailed advisory acknowledging the vulnerability. The vendor also released separate security fixes for different processors, urging users to patch their systems.

In addition to releasing the patch, AMD also clarified that the threat actually compromises old, vulnerable systems. According to its statement to SecurityWeek,

While the issue only affects severely affected systems, AMD is prioritizing security. We believe that our current measures are an appropriate response to the threat.
AMD has released mitigation options for its AMD EPYC™ data center products and AMD Ryzen™ PC products.

Let us know your thoughts in the comments.
