AMD won't patch all chips affected by severe data theft vulnerability — Ryzen 3000, 2000, and 1000 will not get patched for 'Sinkclose'

just_another_person , 3 hours ago

deleted_by_author

cron , 3 hours ago

Ryzen 2000 and 3000 are still fairly recent and were announced 5-6 years ago.

astrsk , 3 hours ago

My threadripper 1950x is from 2017… and is the cpu powering my primary hypervisor perfectly fine. That’s not 18 years ago, that’s not even 8 years ago.

cmnybo , 3 hours ago

They aren’t patching CPUs that were released 5 years ago.

They should be patching back to Ryzen 1 since those are still perfectly good CPUs. 5-7 years really isn’t that old considering how little improvement there is with each generation.

9point6 , 2 hours ago

What are you on about?

Ryzen 3xxx series processors are still being sold new today

The oldest zen processors are only just over half a decade old—a consumer CPU should be expected to be in service at least double that time.

ShortN0te , 2 hours ago

The Ryzen 5 3600 is from 2019. The XT refreshes so Ryzen 5 3600xt from mid 2020

Irremarkable , 2 hours ago

Some people really don't think before they speak do they

TheHolm OP , 32 minutes ago

3600 was released in 2019. And it they was making it for at least 2 years.

narc0tic_bird , 3 hours ago

That’s so stupid, also because they have fixes for Zen and Zen 2 based Epyc CPUs available.

Intel vs. AMD isn’t “bad guys” vs. “good guys”. Either company will take every opportunity to screw their customers over. Sure, “don’t buy Intel” holds true for 13th and 14th gen Core CPUs specifically, but other than that it’s more of a pick your poison.

victorz , 2 hours ago

How is AMD “screwing us over”? Surely they aren’t doing this on purpose? That seems very cynical.

Grippler , 1 hour ago

They are 100% not patching old chips intentionally by not allocating resources to it. It’s a conscious choice made by the company, it is very much “on purpose”.

victorz , 1 hour ago

That’s not what I was referring to. I was referring to the act of “adding vulnerabilities”. Surely they aren’t doing that on purpose. And surely they would add fixes for it if it was economically viable? It’s a matter of goodwill and reputation, right?

I don’t know, I just don’t think it’s AMD’s business model to “screw over” their customers. I just don’t.

narc0tic_bird , 40 minutes ago

What I mean by that is that they will take a huge disservice to their customers over a slight financial inconvenience (packaging and validating an existing fix for different CPU series with the same architecture).

I don’t classify fixing critical vulnerabilities from products as recent as the last decade as “goodwill”, that’s just what I’d expect to receive as a customer: a working product with no known vulnerabilities left open. I could’ve bought a Ryzen 3000 CPU (maybe as part of cheap office PCs or whatever) a few days ago, only to now know they have this severe vulnerability with the label WONTFIX on it. And even if I bought it 5 years ago: a fix exists, port it over!

I know some people say it’s not that critical of a bug because an attacker needs kernel access, but it’s a convenient part of a vulnerability chain for an attacker that once exploited is almost impossible to detect and remove.

victorz , 21 minutes ago

Well, you feel how you feel, and you choose the products you want after this. Good luck to you! 👍

Grippler , 19 minutes ago

No they are just choosing not to roll out the fix to a known issue, which is screwing customers over on purpose (to increase profits). It’s not a matter of goodwill, they sold a product that then turned out to have a massive security flaw, and now they don’t want to fix even though they absolutely could.

Kolanaki , 1 hour ago

How severe is this vulnerability?

ducking_donuts , 1 hour ago

The good news is that in order to exploit the new vulnerability, the attacker first has to obtain kernel level access to the system somehow - by exploiting some other vulnerabilities perhaps.

The bad news is once Sinkclose attack is performed, it can be hard to detect and mitigate: it can even survive an OS reinstall.

TheHolm OP , 33 minutes ago

You need to be a root to exploit it, but if it get exploited any way to get rid of it is to throw MB to trash.

eskuero , 1 hour ago

lol for the past 15 years I have “rebuilt” my desktop every 5 years but I didn’t expect the would try to force me out of my 7 3700x right on the date