AMD extends their “sinkhole” mitigation plans to cover Ryzen 3000 series “Matisse” CPUs
AMD’s Ryzen 3000 “Matisse” CPUs will be receiving a Sinkhole vulnerability fix this month
AMD has revised their security notice for the CVE-2023-31315 “sinkhole” vulnerability. Now, AMD has confirmed that they will be releasing mitigations for Ryzen 3000 “Matisse” processors this month. Previously, AMD stated that they had “no fix planned” for this series of processors.
While our previous reporting on “sinkhole” makes it clear that news of the vulnerability is overblown, it is nonetheless good to see AMD extend mitigations to their Ryzen 3000 series CPUs. Now, all of AMD’s most popular AM4 CPUs will receive sinkhole vulnerability mitigations. After all, it was the Ryzen 3000 series (Zen 2) that truly started AMD rise to become a major competitor within the modern CPU market.
Thankfully, “sinkhole” isn’t a hugely scary vulnerability for mainstream PC users. AMD has confirmed that it requires attackers to have “ring 0” access to system to “modify the configuration of System Management Mode (SMM)”. That’s kernel level access. This means that hackers likely need to utilise additional exploits to get deep enough to use sinkhole. By that stage, your PC is already hacked. Basically, it makes little sense for regular viruses to attempt to use this exploit in the wild.
Regardless, it is good to see AMD extending their “sinkhole” mitigations to cover Zen 2 desktop CPUs. Most consumers shouldn’t be worried about “Sinkhole”. Even so, it is good to know that BIOS mitigations are coming that will address the issue entirely. Curiously, AMDâs Ryzen 1000 and Ryzen 2000 desktop (AM4) CPUs are not mentioned in AMDâs security bulletin page. This likely means that these CPUs are unaffected by sinkhole. That means that AMD’s upcoming updates should make all AM4 Ryzen CPUs safe from Sinkhole.
You can join the discussion on AMD extending their “sinkhole” mitigation plans on the OC3D Forums.