Sinkclose is a security vulnerability in certain AMD microprocessors dating back to 2006 that was made public by IOActive security researchers on August 9, 2024.[1] IOActive researchers Enrique Nissim and Krzysztof Okupski presented their findings at the 2024 DEF CON security conference in Las Vegas[2] in a talk titled "AMD Sinkclose: Universal Ring-2 Privilege Escalation".
| CVE identifier(s) | CVE-2023-31315 |
|---|---|
| Date discovered | Publicly disclosed August 9, 2024 |
| Affected hardware | AMD processors since 2006 |
AMD said it would patch all affected Zen-based Ryzen, Epyc and Threadripper processors but initially omitted Ryzen 3000 desktop processors. AMD followed up and said the patch would be available for them as well.[3] AMD said the patches would be released on August 20, 2024.
Mechanism
editSinkclose affects the System Management Mode (SMM) of AMD processors. It can only be exploited by first compromising the operating system kernel.[1][2] Once the exploit is effected, it is possible to avoid detection by antivirus software and even compromise a system after the operating system has been re-installed.
References
edit- ^ a b Anton Shilov (August 9, 2024). "AMD's 'Sinkclose' vulnerability affects hundreds of millions of processors, enables data theft — AMD begins patching issue in critical chip lines, more to follow". Tom's Hardware.
- ^ a b Andy Edser (August 12, 2024). "Millions of AMD CPUs found vulnerable to 18-year-old 'Sinkclose' deep-system flaw but it's pretty difficult to exploit". PC Gamer.
- ^ Aaron Klotz (August 19, 2024). "Ryzen 3000 fix for 'Sinkclose' vulnerability arrives tomorrow — AMD reverses course and will patch Ryzen 3000 after all". Tom's Hardware.