News AMD won't patch all chips affected by severe data theft vulnerability — Ryzen 1000, 2000, and 3000 will not get patched, among others

Page 2 - Seeking answers? Join the Tom's Hardware community: where nearly two million members share solutions and discuss the latest tech.
Status
Not open for further replies.
I find it strange that Ryzen 3000 don't get the patch, as it's the first Zen 2 generation and Zen 2 was used for Ryzen 4000 (patched) and some laptop Ryzen 5000 (patched)... And considering AMD's use of a unified AGESA, should be covered too.
Either they patched it but didn't test it, or the affected component on that generation belonged to an earlier révision and didn't get the patch. Or something.
Edit : well, looks like it's something like the former : https://www.tomshardware.com/pc-com...es-course-and-will-patch-ryzen-3000-after-all
 
Last edited:

Aurn

Reputable
Jun 26, 2021
16
18
4,515
I am not sure about Zen + and Zen 2, but with Zen 1, it’s not so easy : on my old X370 board + Ryzen 7 1700X (I don’t use it anymore), I wouldn’t even be able to update the BIOS even if a patch were released because at some point, they stopped supporting the older CPUs (I think that it’s because the size/available space of the BIOS chips is too small ?). So, motherboard makers would need to add the patch to older BIOS versions as well, not just the latest ones for those boards
 

Steve Nord_

Commendable
Nov 7, 2022
90
16
1,535
amd ryzen 1xxx 2xxx are so problematic amd try hard to hidden these cpus.
Amd don't want patch these cpus because all the epyc cpus out there. Amd want piles of e-waste
Name doesn't check out. Doubt that's in their disclosures but go on and tell us your exposé of Applied Materials.
 
  • Like
Reactions: Amdlova

Steve Nord_

Commendable
Nov 7, 2022
90
16
1,535
So if out of support, AMD should enforce a recall of all remaining stock that is still being sold new and not allowing their resellers to sell faulty products. Maybe time for watchdogs to start enforcing patching for all so long as chips are being allowed to be sold new by manufacturers and their resellers.
Where will CTF and Cheating based schools get appropriate equipment upgrades from slide rule with sharpened D rule and DSP radio?
 

Steve Nord_

Commendable
Nov 7, 2022
90
16
1,535
Instead of prosecuting, arresting and keeping these "tech scoundrels" behind bars for life time, the mindset has been "I have nothing to hide anyway!" and instead the protectors of human dignity in our century are being shunned/witch hunted for life.

If extreme punishments were in place for breaching of Human private life, then the danger would be minimal/non-existent even. I have said it before, I hope Tom's Hardware realize that it is not only tech that can stop these practices, some new vulnerability will always be found,. what can truly protect our digital lives is strong laws/awareness of people . TH can begin using its influence to make people demand these laws from their lawmaker representatives and pressure them as the strongest enemies of human private life are already at top of power unfortunately.
Courts are famously affordable, maybe! Too bad about the schedules. Perhaps there's a nudge loop closer to durable stores and ciphers that would better suit polity but affect bad actors outside of representative law too.
 
While I'm personally no expert on these particular matters, it has been made clear to me by someone who is, that this is of little consequence for the home user as it requires an extremely complex, targeted attack. No one is going to be collateral damage and this is the main reason AMD isn't too concerned with patching older, consumer level machines. For us, the risk is basically nil.
But North Korea really wants access to my meme library lol!
 

EzzyB

Proper
Jul 12, 2024
56
78
110
"AMD processors dating back to 2006 reportedly suffer from a major security flaw that allows attackers to infiltrate a system virtually undetectable."

"Attackers need to access the system kernel to exploit the Sinkclose vulnerability"

If you already have access to the Kernel, this exploit is kind of a nothing-burger.

/facepalm

Regards...?
What I'm thinking here is the kind of thing we do hear about regularly. Domain admin has their credentials compromised. Domain admin can install software with kernal access on every machine in the domain....

That's a pretty big deal considering the possible outcome is a rootkit on the machines that requires the processor to be removed and hooked up to specialized hardware to remediate it.

So is it dangerous to your gaming PC? Nah, probably not unless you just play ridiculously fast and loose with security anyways, (or get hit with a supply-side attack in a vulnerable driver) but the potential impact elsewhere is pretty concerning.
 

JamesJones44

Reputable
Jan 22, 2021
867
808
5,760
"AMD processors dating back to 2006 reportedly suffer from a major security flaw that allows attackers to infiltrate a system virtually undetectable."

"Attackers need to access the system kernel to exploit the Sinkclose vulnerability"

If you already have access to the Kernel, this exploit is kind of a nothing-burger.

/facepalm

Regards...?
Yes and No. The issue is, once the kernel access is discovered in normal instances you can close that hole and be "safe" again. The issue with this vulnerability is even once the kernel hole is closed, the system is still exposed if the CPU vulnerability is exploited.

So in general I agree it's a low chance/vector of attack in the realm of a nothing-burger, but it's still a fairly severe vulnerability if a system does get compromised as one can't easily clean it if the exploit gets executed.
 
May 28, 2024
143
82
160
No, you're not important. Your hardware as a new zombie recruit however, is. And, I mean, if north korea gets some sort of access they go after every penny. Hard to keep an entire population that is starving pacified when their glorious leader flaunts his flab every chance he has. They need that $2 in your savings account.
Damn... I thought I was safe!!! Lmao... I feel for those in the north. I was stationed in S Korea when in the US Army. Amazing place. But we did learn a lot of stuff about those people in the north and their horrible living conditions.
 
Last edited by a moderator:

geog741

Honorable
May 17, 2018
6
0
10,510
If I wanted to know if I'm being or going to be updated on my 3 AMD (2 Ryzen's and 1 EPYC) systems, how would I go about it? :unsure:
 
I am not sure about Zen + and Zen 2, but with Zen 1, it’s not so easy : on my old X370 board + Ryzen 7 1700X (I don’t use it anymore), I wouldn’t even be able to update the BIOS even if a patch were released because at some point, they stopped supporting the older CPUs (I think that it’s because the size/available space of the BIOS chips is too small ?). So, motherboard makers would need to add the patch to older BIOS versions as well, not just the latest ones for those boards
No, don't worry, it's only pre - Zen processors that were dropped. On a B350 mobo with a Ryzen 1400X, I upgraded (in steps) from the original UEFI to the latest beta version which then allowed me to install a Ryzen 5500.
It unlocked the TPM, some RAM speed, increased boot speed, unlocked resizable BAR... Yeah, AM4 was a great platform !
On your X370 you should be even better off, as it's virtually identical to X470.
 
Status
Not open for further replies.