‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections

mox , 12 minutes ago (edited 34 seconds ago)

Notable quote:

“It’s going to be nearly undetectable and nearly unpatchable.” Only opening a computer’s case, physically connecting directly to a certain portion of its memory chips with a hardware-based programming tool known as SPI Flash programmer and meticulously scouring the memory would allow the malware to be removed, Okupski says.

Let’s hope a microcode or BIOS update can prevent it from happening in the first place.

Original source:

info.defcon.org/event/?id=54863

Relevant links:

ioactive.com/…/def-con-talk-amd-sinkclose-univers…

www.youtube.com/watch?v=xSp38lFQeRE

www.youtube.com/watch?v=lR0nh-TdpVg&t=2s

bleepingcomputer.com/…/new-amd-sinkclose-flaw-hel…

(I found the Bleeping Computer article more informative and concise than the Wired one.)

notnotmike , 1 hour ago

I mean, I’m not much of a tinfoil hat, but this article feels extremely conveniently timed for Intel, who is currently going through a massive ordeal with their chips. Especially considering that the vulnerability is so extremely difficult to exploit that there’s borderline no story here for 99% of people but the headline will still drive clicks and drama.

Drathro , 45 minutes ago

Difficult to exploit, already in the process of being patched. Truly, the most breaking of news.

LainTrain , 1 hour ago

More “cybersecurity” clickbait with red/blue/green images of processors and skulls. That’s the real “infection”

Rayspekt , 1 hour ago

So what do I exactly need to do if I have ine if the affected CPUs? What specifically do I need to patch?

dogslayeggs , 1 hour ago

I’m not an expert, but reading the posts here the answer seems to be “nothing.” The only people affected by this already know how to prevent it.

vikingtons , 57 minutes ago

You’ll want to upgrade your system BIOS when your board vendor makes this fix available.

FangedWyvern42 , 29 minutes ago

Nothing. It sounds like it only affects a very small number of people, but the general public has no need to worry.

riskable , 2 hours ago

A list of the effected processors would’ve been nice, Wired.

vikingtons , 2 hours ago

The article links to this:

www.amd.com/en/resources/…/amd-sb-7014.html

BlackLaZoR , 2 hours ago

it may be possible for an attacker with ring 0 access to modify the configuration of System Management Mode (SMM) even when SMM Lock is enabled.

If attacker has a ring 0 access he can already screw you up any way he wants

vikingtons , 2 hours ago

that’s all well and good, I was just responding to someone who wanted the list of affected products

WHYAREWEALLCAPS , 1 hour ago

It only mentions ring 0 access in your link, ergo they responded to your post because it was the most appropriate. At least that's how I see it.

vikingtons , 1 hour ago

The link includes ‘CVE-2023-31315’

SzethFriendOfNimi , 1 hour ago

True. This does allow for persistent recurring infection post clean and cold boot.

Interesting flaw to keep an eye on.

mox , 24 minutes ago (edited 12 minutes ago)

AMD hadn’t published a list when the article was first run, but it has since been updated. It now gives one:

but it pointed to a full list of affected products that can be found on its website’s [security bulletin page](but it pointed to a full list of affected products that can be found on its website’s security bulletin page..

avidamoeba , 2 hours ago

Requires kernel-level access. Also AMD is “releasing mitigations,” so is it “unfixable?”

Drathro , 2 hours ago

I think they meant it as “once infected may be impossible to disinfect.” But it sure doesn’t read that way at first glance.

WHYAREWEALLCAPS , 1 hour ago

Did they change it? Because now it says "Allows Deep, Virtually Unfixable Infections" and that seems to say exactly what you are.

someguy3 , 1 hour ago

Requires kernel-level access

What does that mean to the rest of us?

floofloof , 28 minutes ago

It means that a malicious actor would already need to have hacked your computer quite deeply through some other vulnerability (or social engineering) before they could take advantage of this one. But I don’t agree with another commenter here that this is a “nothingburger”: this vulnerability enables such a hacker to leave undetectable malware that you just can’t remove from the computer even if you replace everything but the motherboard. That’s significant, particularly for anyone who might be a target of cyber-espionage.