News AMD won't patch all chips affected by severe data theft vulnerability — Ryzen 1000, 2000, and 3000 will not get patched, among others

[Admin]

AMD released patches to address the Sinkclose vulnerability, but not all chips are covered. The company also said 'No performance impact expected', which means that its likely still conducting final validation and testing of the patch and how it impacts the overall performance of the system.

AMD won't patch all chips affected by severe data theft vulnerability — Ryzen 1000, 2000, and 3000 will not get patched, among others : Read more

 

[-Fran-]

"AMD processors dating back to 2006 reportedly suffer from a major security flaw that allows attackers to infiltrate a system virtually undetectable."

"Attackers need to access the system kernel to exploit the Sinkclose vulnerability"

If you already have access to the Kernel, this exploit is kind of a nothing-burger.

/facepalm

Regards...?

 

[CelicaGT]

While I'm personally no expert on these particular matters, it has been made clear to me by someone who is, that this is of little consequence for the home user as it requires an extremely complex, targeted attack. No one is going to be collateral damage and this is the main reason AMD isn't too concerned with patching older, consumer level machines. For us, the risk is basically nil.

 

[Li Ken-un]

If you already have access to the Kernel, this exploit is kind of a nothing-burger.

I’d imagine this includes scenarios like booting into a USB stick. The OS on the USB stick is compromised, and either you had to turn secure boot off to use it (e.g., Ventoy) or the compromise did not affect secure boot verification. In either case, you’d have a deeply buried rootkit and your main installed OS wasn’t involved at all. All that had to be done was to boot your computer with an already prepared vector of infection.

 

[Gururu]

Nothing wrong with believing it is a true vulnerability from a homeland security perspective. If I had an AMD though, I wouldn't worry about it much since the dark web already has my social security LOL c/o the banking, credit and healthcare industries.

 

[Amdlova]

amd ryzen 1xxx 2xxx are so problematic amd try hard to hidden these cpus.
Amd don't want patch these cpus because all the epyc cpus out there. Amd want piles of e-waste

 

[tamalero]

I’d imagine this includes scenarios like booting into a USB stick. The OS on the USB stick is compromised, and either you had to turn secure boot off to use it (e.g., Ventoy) or the compromise did not affect secure boot verification. In either case, you’d have a deeply buried rootkit and your main installed OS wasn’t involved at all. All that had to be done was to boot your computer with an already prepared vector of infection.

That still need someone to have access to your system in the first place. And to have credentials to boot it and have time to do all the things you mentioned.

 

[Makaveli]

amd ryzen 1xxx 2xxx are so problematic amd try hard to hidden these cpus.
Amd don't want patch these cpus because all the epyc cpus out there. Amd want piles of e-waste

Don't know if that is it.

Most enterprise would be on support contracts with their server\workstations. And those machine are old enough that they would have been swapped out for something newer years ago. Alot of companies will do a hardware refresh at like 3-5 years depending on contract.

 

[rluker5]

"AMD processors dating back to 2006 reportedly suffer from a major security flaw that allows attackers to infiltrate a system virtually undetectable."

"Attackers need to access the system kernel to exploit the Sinkclose vulnerability"

If you already have access to the Kernel, this exploit is kind of a nothing-burger.

/facepalm

Regards...?

Drivers often have access to the kernel.
Videocardz could infect the masses. Well at least whoever gets updated drivers from there.
At least Windows prompts you before you install something.

 

[spongiemaster]

"AMD processors dating back to 2006 reportedly suffer from a major security flaw that allows attackers to infiltrate a system virtually undetectable."

"Attackers need to access the system kernel to exploit the Sinkclose vulnerability"

If you already have access to the Kernel, this exploit is kind of a nothing-burger.

/facepalm

Regards...?

2nd hand market. Early generation Zen CPU's you're 99.99% likely to be buying them used. Do you know where that system has been?

 

[SonoraTechnical]

Really disappointed in Tom's Hardware on this one... It's a sensationalistic headline for generating clicks. You are overstating a threat that's actually never been implemented.

Keep this kind of reporting up and I'll just get my news elsewhere.

 

[torbjorn.lindgren]

"AMD processors dating back to 2006 reportedly suffer from a major security flaw that allows attackers to infiltrate a system virtually undetectable."
"Attackers need to access the system kernel to exploit the Sinkclose vulnerability"

If you already have access to the Kernel, this exploit is kind of a nothing-burger.

Nope, kernel access is ring 0, this is a persistent ring -2 (worse) exploit. Not the first such one, Intel has had several in their Management Engine for example, not sure it's even AMDs first one for Ryzen - and each time one is found it is a big deal.

The reason this is WAY worse than mere kernel access is that it's much harder (sometimes impossible) to detect, and is very resistant to "normal" methods of solving infections.

IE - someone gets infected. Fairly normal procedure is to reinstall on clean media and you're fine - this won't work for this, it's still infected! To get rid of the infection you often must take out and discard the CPU in addition to doing secure deletion (or destruction) of all storage because it's now hidden deep inside the secure enclave on the CPU.

Many people uses laptop these days and often the only way to get rid of something like this there is to feed the motherboard into a shredder - or likely the entire laptop if your warranty doesn't cover this since a replacement motherboard is usually more expensive than a new laptop.

It's mitigated by first requiring the much lesser "full kernel" access and that actually using it is very complicated, at least at this point. The first means it's mostly not a problem for normal users, the second reduces it to people of special interest, like finance or military unless the second gets solved (which it may).

So, yes, it's a bit overblown but your specific complaint is fully covered in the article.

 

[Alvar "Miles" Udell]

I think the real news from this is that AMD is effectively saying that the "software support window" for CPUs, at least Ryzen chips, is five years. Given how fast modern processors are these days and the capabilities (PCIe, connectivity, etc) of them meaning upgrading them even every 5 years for most people isn't a consideration. What's going to happen when an actual big bug is discovered and AMD says "You know your perfectly good CPU that's not really that much slower than a new one? We won't fix it, so buy a new one anyway"? I think the chances of that have just increased.

Actually since AMD knew about this for 10 months, basically the "software support window" would be about 4 years.

 

[Amdlova]

Really disappointed in Tom's Hardware on this one... It's a sensationalistic headline for generating clicks. You are overstating a threat that's actually never been implemented.

Keep this kind of reporting up and I'll just get my news elsewhere.

You can't, tomshardware will find you

 

[vanadiel007]

I always thought secure boot was supposed to ensure we can securely boot. Is that not why they have enforced secure boot?

Sounds to me the more they add to make it "secure", the less secure it becomes.

 

[phxrider]

Really disappointed in Tom's Hardware on this one... It's a sensationalistic headline for generating clicks. You are overstating a threat that's actually never been implemented.

Keep this kind of reporting up and I'll just get my news elsewhere.

It's not just Tom's. This is the 3rd or 4th article I've seen on the topic.

 

[Guardians Bane]

Got a question. What about mobile APUs? I saw the new Ai300 chips probably already have it fixed. What about the 6900hx? I have a Minisforum UM690s and wondering if it's affected and if so, will it get an update?

 

[Nyara]

Got a question. What about mobile APUs? I saw the new Ai300 chips probably already have it fixed. What about the 6900hx? I have a Minisforum UM690s and wondering if it's affected and if so, will it get an update?

Just turn on Windows updates.

I think the real news from this is that AMD is effectively saying that the "software support window" for CPUs, at least Ryzen chips, is five years. Given how fast modern processors are these days and the capabilities (PCIe, connectivity, etc) of them meaning upgrading them even every 5 years for most people isn't a consideration. What's going to happen when an actual big bug is discovered and AMD says "You know your perfectly good CPU that's not really that much slower than a new one? We won't fix it, so buy a new one anyway"? I think the chances of that have just increased.

Actually since AMD knew about this for 10 months, basically the "software support window" would be about 4 years.

It is more complex. There is likely an architectural change that makes the fix work for Zen 3 onward and not backwards, so covering older CPUs needs extra work. Extra work that feels pointless since this is a 18yo vulnerability, so most old CPUs either got infected already unknowingly or got spared with 0 risks.

Also, Microsoft dropped official support for non-TPM 2.0 CPUs, so all Ryzen 1000 and part of 2000 series are no longer covered. So AMD would need to dedicate an update to Ryzen 3000 and specific 2000 series only, which they are not willing for an old niche problem.

 

[wbfox]

We here at AMD freely acknowledge we sold you a horribly flawed product and stand by our response of , "sucks to be you," with regard to providing a fix. We hope to instead to have provided a contrast with out incompotent former competitor Intel, so that maybe all the fanboys out there will finally understand, corporations are not and never will be on your side or your friends. Yo mammas fat and ugly, I'm out. -Lisa Sue.

 

[Guardians Bane]

Just turn on Windows updates.

Ah, ok. Thanks! Guess I'm about to find out. Lol. Either way, no state actors wants my information anyway, I'm not that important. But it's always a good idea to like my stuff down as much as possible.

 

[wbfox]

N

Really disappointed in Tom's Hardware on this one... It's a sensationalistic headline for generating clicks. You are overstating a threat that's actually never been implemented.

Keep this kind of reporting up and I'll just get my news elsewhere

Oh good. So you don't, as an example, play league of legends? Helldivers 2? Anything with anti-cheat? Good. That's good. All of those idiots give, amongst others, China, kernel level access 24/7 so that they can make sure no one is cheating. Especially in the all PVE games. Gotta keep an eye on those.

 

[wbfox]

Ah, ok. Thanks! Guess I'm about to find out. Lol. Either way, no state actors wants my information anyway, I'm not that important. But it's always a good idea to like my stuff down as much as possible.

No, you're not important. Your hardware as a new zombie recruit however, is. And, I mean, if north korea gets some sort of access they go after every penny. Hard to keep an entire population that is starving pacified when their glorious leader flaunts his flab every chance he has. They need that $2 in your savings account.

 

[wbfox]

"AMD processors dating back to 2006 reportedly suffer from a major security flaw that allows attackers to infiltrate a system virtually undetectable."

"Attackers need to access the system kernel to exploit the Sinkclose vulnerability"

If you already have access to the Kernel, this exploit is kind of a nothing-burger.

/facepalm

Regards...?

It's funny because you think Kernel 0 is the bottom, most secure level. No one told you about Kernel -1, Kernel -2....and how Kernel 0 shouldn't be able to access those. Oops, didn't mean to inform you. Knowledge is bad.

 

[CelicaGT]

Really disappointed in Tom's Hardware on this one... It's a sensationalistic headline for generating clicks. You are overstating a threat that's actually never been implemented.

Keep this kind of reporting up and I'll just get my news elsewhere.

I get my tech news from many sources, Tom's is....OK. There is some NVIntel bias here but the meat of the articles generally provides the facts. That said, the recent Intel issues were a hot topic here and more of a "meh" elsewhere. Not sure what that indicates. I'm cool along as *insert offending vendor here* covers my ass. I'm generally pretty hardware agnostic.

(edit: drank too much to spell, fixed.)

 

[Rob1C]

Some links in the article would have been nice:

DEF CON Official Talk | AMD Sinkclose: Universal Ring-2 Privilege Escalation | Las Vegas, NV – IOActive

ioactive.com

‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections

Researchers warn that a bug in AMD’s chips would allow attackers to root into some of the most privileged portions of a computer—and that it has persisted in the company’s processors for decades.

www.wired.com

https://labs.ioactive.com/2023/06/back-to-future-with-platform-security.html