AMD is going to provide Ryzen 3000 desktop processors with a patch against the recently discovered Sinkclose vulnerability after all. In doing so, the chip designer is reversing an earlier decision not to do so. However, older processors than Ryzen 3000 will not be patched.
It was recently revealed that most AMD-built processors of the last 18 years, including Ryzen and Epyc chips, are vulnerable to the Sinkclose vulnerability.
Sinkclose vulnerability
Sinkclose allows malicious actors to run code in the System Management Mode (SMM) of AMD processors. This is an area of high privilege reserved on the chip for important firmware operations.
To exploit this vulnerability, however, hackers must previously compromise the device within which the AMD processor resides. Up to this point, the vulnerability would not have been exploited.
Upon becoming aware of the Sinkclose vulnerability, AMD had initially indicated that it was only going to patch its latest models. Older processors, many of which had already reached end-of-life status, would not be patched, such as the still popular and widely used AMD Ryzen 3000 processors.
The Ryzen 1000, 2000 and Threadripper 1000 and 2000 models will also not receive an update against Sinkclose.
Change of mind
To now it appears from the latest SMM Lock Bypass Security Bulletin that AMD has changed its mind. So the Ryzen 3000-series of processors are getting the update after all. For all other older models, nothing changes and they thus remain unpatched. Why exactly AMD now has a different opinion about updating the Ryzen 3000-series anyway is not known. The updates for all approved AMD processors are now available.
Also read: AMD gains ground with Epyc in servers – and grows everywhere