Flaw in AMD Chips Can Be Exploited to Plant Malware That Survives OS Reinstalls



Security researchers have discovered a disturbing bug in AMD processors that can be abused to install malware that’s hard to detect and capable of surviving operating system reinstalls.

The vulnerability concerns an operating mode within AMD chips called “System Management Mode,” which is designed to handle systemwide functions, such as power management and hardware control. The same mode also carries high privileges, which researchers at cybersecurity vendor IOActive figured out how to exploit.

According to Wired, the so-called “Sinkclose” vulnerability allows an attacker to gain system privileges deep within an AMD system, whether it be a PC or server. This could enable them to install malware outside the OS and into the firmware, making the malicious code much harder to detect and remove.

“This silicon-level issue appears to have remained undetected for nearly two decades,” the researchers wrote.

AMD has been preparing a fix since the flaw was first uncovered in October. On Friday, the company began releasing patches for Sinkclose for AMD Ryzen and Epyc processors while warning that the vulnerability has a “high” severity rating. And it looks like it’ll take time for motherboard vendors and possibly Microsoft to help distribute the fix to users.

Still, AMD says the flaw isn’t easy to exploit. IOActive researchers add that the bug involves manipulating an obscure feature in AMD chips known as TClose. Importantly, AMD says that Sinkclose can only be exploited if the hacker already has access to the computer with privileges to tamper with the kernel, the nucleus of the operating system. Nonetheless, researchers at IOActive say Sinkclose still poses a major threat if elite hackers, such as state-sponsored spies, ever learn how to abuse it. “While exploiting Sinkclose requires kernel-level access to a machine, such vulnerabilities are exposed in Windows and Linux practically every month,” the researchers told Wired.


The team at IOActive plans to share more details about the vulnerability at the DEF CON security gathering in Las Vegas tomorrow. But they’re refraining from sharing any proof-of-concept code demonstrating how Sinkclose can be exploited, at least for the next several months, to give AMD additional time to patch the flaw.

Although AMD has released a software fix, it doesn’t cover the AMD Ryzen 3000 desktop series or earlier chip models. We’ve reached out to the company for comment and we’ll update the story if we hear back.
