AMD “sinkhole” exploit news is overblown, but AMD can do better
Not all AMD CPUs will be getting a fix for “sinkhole”
Researchers from a group called IOActive have uncovered a vulnerability called “sinkhole” that reportedly impacts AMD chips dating all the way back to 2006. Hundreds of millions of CPUs are said to be exploitable, enabling hackers to run code in the deepest parts of AMD chips. If utilised, “sinkhole” can infect PCs with malware that is almost impossible to detect and remove. Even so, we are going to argue that news of the AMD “sinkhole” vulnerability is overblown.
While the vulnerability is scary when fully utilised, it requires deep access to a susceptible PC to exploit. AMD has confirmed that it requires attackers to have “ring 0” access to the system in order to “modify the configuration of System Management Mode (SMM)”. That’s kernel-level access, which means that hackers will likely need additional exploits to get deep enough to use sinkhole.
Thankfully, AMD has already released firmware mitigations for this exploit for many of its commonly used processors. However, some of AMD’s Embedded CPUs will not have fixes until around October 2024. Even so, users of most recent AMD CPUs running the latest motherboard/platform firmware will not need to worry about sinkhole. Beyond that, some of AMD’s older CPUs will not be getting sinkhole mitigations at all.
Is news about “Sinkhole” overblown?
Most news outlets have focused on the fact that millions of AMD CPUs could be affected by this vulnerability. While that is true, most articles do not dive into the challenges hackers face in exploiting it. Hackers need kernel-level access to exploit sinkhole. Basically, they already need to get through several layers of security to even get a chance to use sinkhole. Your system essentially needs to be compromised already for sinkhole to be exploited.
Another factor worth noting is that this exploit was discovered by researchers. There is no evidence that it has ever been used “in the wild”. This has given AMD time to release firmware fixes for most of its modern CPUs before the public disclosure of “sinkhole”.
In a background statement to WIRED, AMD emphasized the difficulty of exploiting Sinkclose: To take advantage of the vulnerability, a hacker has to already possess access to a computer’s kernel, the core of its operating system. AMD compares the Sinkhole technique to a method for accessing a bank’s safe-deposit boxes after already bypassing its alarms, the guards, and vault door.
Does this mean that AMD can ignore the dangers of sinkhole? Of course not. Even if it is hard to exploit, the danger is still there and AMD should mitigate it. As for AMD users, there isn’t much to worry about. Most modern AMD CPUs are getting firmware updates that will mitigate this exploit, which means that you should be able to fix this issue with a simple BIOS update. However, it is worth noting that not all modern AMD CPUs are getting sinkhole mitigations.
(AMD’s security bulletin page for Sinkhole (CVE-2023-31315))
Fixes should be available for all AM4 CPU users, not just the latest chips
Curiously, AMD’s Ryzen 1000 and Ryzen 2000 desktop (AM4) CPUs are not mentioned on AMD’s security bulletin page. Furthermore, AMD has stated that there is “no fix planned” for Ryzen 3000 series “Matisse” processors. First off, we would like AMD to confirm whether its Ryzen 1000/2000 series Zen/Zen+ desktop CPUs are potentially vulnerable to sinkhole. Furthermore, we would like AMD’s Ryzen 3000 series (and all other Zen-based AMD AM4 CPUs) to receive sinkhole mitigations. After all, AMD is already updating its AM4 platforms with new firmware to address this issue. Why not have the mitigations apply to all AM4 processors?
While news of the AMD “sinkhole” vulnerability is a little overblown, it would be good to see all Ryzen CPUs receive firmware mitigations.
You can join the discussion on news of AMD’s “sinkhole” vulnerability being overblown on the OC3D Forums.