Several chips built by AMD over the past 18 years are vulnerable to Sinkclose, a critical severity flaw which could allow malicious actors to break into the target system, basically unseen.
While the chipmaker has already released a fix for some of the newer models, older ones – including some of the most iconic products – will not be receiving any treatment.
This is because they have reached end of life and as such are not eligible for any support, despite being super popular with the consumers.
Ryzen 9000 not listed
“There are some older products that are outside our software support window,” AMD told Tom’s Hardware in a statement, meaning products in the Ryzen 1000, 2000, and 3000 series, as well as the Threadripper 1000 and 2000 models, are being left behind.
On the other end, all generations of AMD’s EPYC processors for the data center, the latest Threadripper, and Ryzen processors, as well as the MI300A data center chips, have all been patched.
AMD added it does not expect the patches to affect the chips’ performance, which means the company still doesn’t know for certain, what the effects of the fix will be – with the full list of supported chips found on this link.
It’s also worth mentioning that the latest Ryzen 9000 and Ryzen AI 300 series processors aren’t included on the list, which could mean that these weren’t vulnerable in the first place.
The Sinkclose vulnerability allows threat actors to run malicious code inside the System Management Mode (SMM) of AMD processors, which is a high-privilege area reserved for critical firmware operations. To be able to exploit the vulnerability, an attacker would first need to compromise the endpoint separately.
Fortunately, there is currently no evidence that any malicious actors discovered, or used, this flaw in the past.
Via Tom’s Hardware