AMD is warning about a high-severity CPU vulnerability named SinkClose that impacts multiple generations of its EPYC, Ryzen, and Threadripper processors. The vulnerability allows attackers with Kernel-level (Ring 0) privileges to gain Ring -2 privileges and install malware that becomes nearly undetectable.

Tracked as CVE-2023-31315 and rated of high severity (CVSS score: 7.5), the flaw was discovered by IOActive Enrique Nissim and Krzysztof Okupski, who named privilege elevation attack ‘Sinkclose.’

Full details about the attack will be presented by the researchers at tomorrow in a DefCon talk titled “AMD Sinkclose: Universal Ring-2 Privilege Escalation.”

  • DarkThoughts@fedia.io
    link
    fedilink
    arrow-up
    3
    arrow-down
    4
    ·
    edit-2
    3 months ago

    According to AMD’s advisory, the following models are affected:

    EPYC 1st, 2nd, 3rd, and 4th generations
    EPYC Embedded 3000, 7002, 7003, and 9003, R1000, R2000, 5000, and 7000
    Ryzen Embedded V1000, V2000, and V3000
    Ryzen 3000, 5000, 4000, 7000, and 8000 series
    Ryzen 3000 Mobile, 5000 Mobile, 4000 Mobile, and 7000 Mobile series
    Ryzen Threadripper 3000 and 7000 series
    AMD Threadripper PRO (Castle Peak WS SP3, Chagall WS)
    AMD Athlon 3000 series Mobile (Dali, Pollock)
    AMD Instinct MI300A
    

    So people have the choice between self destructing cpus, and those who pose a security threat to you. Though I guess Intel’s Intel Management Engine and AMD’s Platform Security Processor are already security threats anyway, since they’re basically intended backdoors.