News AMD's 'Sinkclose' vulnerability affects hundreds of millions of processors, enables data theft — AMD begins patching issue in critical chip lines, m...


mhmarefat

> They suggest that advanced state-sponsored hackers likely already have the tools to exploit these kinds of vulnerabilities.

How about the states themselves? Some states do not even need to sponsor any hackers as they already have implemented backdoors inside ALL AMD and Intel CPUs since 2006. Intel Management Engine and AMD Secure Technology are both backdoors in complete NSA control (see here). And BTW, these operate completely independent of the OS and all they require is an internet connection. (See for example NotebookCheck, me_cleaner, even US-controlled Wikipedia)

> As Intel has confirmed[84] the ME contains a switch to enable government authorities such as the NSA to make the ME go into High-Assurance Platform (HAP) mode after boot. This mode disables most of ME's functions,[76][85] and was intended to be available only in machines produced for specific purchasers like the US government

So spare me this BS fearmongering. Suddenly ppl are worried about data theft.
 

edzieba

> Yes, hackers can do bad things after they already have complete control of your computer.

Persistent rootkits (as this enables) are far more insidious. Format the drive, reinstall the OS, even swap to a brand new drive? The malware install persists. Pop the CPU out of an infected system and install it in a new system? The new system is infected.
A single threat actor adding a rootkit to CPUs before reselling on eBay (or any other supply chain vulnerable to 3rd party insertion, such as Amazon fulfilment) could gain root access to as many boxes as they can ship CPUs, with no trivial way for end users to identify the infection, let alone remove it.

Management-engine persistent malware is particularly nasty to deal with.

Plus, AMD have decided to straight up NO FIX PLANNED the Ryzen 3000 series, so if you own one then no fix for you.
 
Mar 10, 2020
437
396
5,070
“Plus, AMD have decided to straight up NO FIX PLANNED the Ryzen 3000 series, so if you own one then no fix for you.”

Not a justification, the 3000 series chips are 5 years old, 2 full generations. Chips to replace them from the 5000 series are inexpensive.
My guess is that AMD reckon that there aren’t enough 3000 series chips in use now and it’s a potential way to sell some more 5000 parts.
 

bluvg

> AMD likens the Sinkhole technique to gaining access to a bank's safe deposit boxes after already getting past its alarms, guards, and vault door.

No, it's worse than that. It's like getting past all those things and allowing the installation of a secret door to the vault so that even if the bank kicks the thief out of the building, gets more guards, and upgrades the alarms, the thief can let themselves right back in directly to the vault, past the guards, without triggering any of the alarms.
 

rluker5

> Persistent rootkits (as this enables) are far more insidious. Format the drive, reinstall the OS, even swap to a brand new drive? The malware install persists. Pop the CPU out of an infected system and install it in a new system? The new system is infected.
> A single threat actor adding a rootkit to CPUs before reselling on eBay (or any other supply chain vulnerable to 3rd party insertion, such as Amazon fulfilment) could gain root access to as many boxes as they can ship CPUs, with no trivial way for end users to identify the infection, let alone remove it.
>
> Management-engine persistent malware is particularly nasty to deal with.
>
> Plus, AMD have decided to straight up NO FIX PLANNED the Ryzen 3000 series, so if you own one then no fix for you.

I was thinking the same thing about inexpensive no-name PCs from places like AliExpress. And maybe Lenovo.
 

domih

> Persistent rootkits (as this enables) are far more insidious. Format the drive, reinstall the OS, even swap to a brand new drive? The malware install persists. Pop the CPU out of an infected system and install it in a new system? The new system is infected.
> A single threat actor adding a rootkit to CPUs before reselling on eBay (or any other supply chain vulnerable to 3rd party insertion, such as Amazon fulfilment) could gain root access to as many boxes as they can ship CPUs, with no trivial way for end users to identify the infection, let alone remove it.
>
> Management-engine persistent malware is particularly nasty to deal with.
>
> Plus, AMD have decided to straight up NO FIX PLANNED the Ryzen 3000 series, so if you own one then no fix for you.

<<Pop the CPU out of an infected system and install it in a new system? The new system is infected.>>

Rootkits are installed in the BIOS chip, other devices with RW firmware, disk MBR, etc., but not the CPU itself.
 

SirStephenH

> "To exploit this flaw, attackers must first gain access to a system's kernel, which isn't easy, but it is possible. However, the system must already have been compromised by some other attack."
>
> So in other words, a nothing burger.

Did you just stop reading there?

> Nissim and Okupski point out that although exploiting Sinkclose requires kernel-level access, vulnerabilities at this level are frequently discovered in Windows and Linux systems. They suggest that advanced state-sponsored hackers likely already have the tools to exploit these kinds of vulnerabilities. According to researchers, kernel exploits are readily available, making Sinkclose the next step for attackers.
 

SirStephenH

> <<Pop the CPU out of an infected system and install it in a new system? The new system is infected.>>
>
> Rootkits are installed in the BIOS chip, other devices with RW firmware, disk MBR, etc., but not the CPU itself.

Yep. Nothing can be stored in a CPU, the only long-term storage on them is read-only. It will always be in the same state as it was when it was manufactured.

Even microcode updates (CPU patches) are stored in the BIOS or hard drive and are applied during every boot by the BIOS or OS respectively.
 

JRStern

> <<Pop the CPU out of an infected system and install it in a new system? The new system is infected.>>
>
> Rootkits are installed in the BIOS chip, other devices with RW firmware, disk MBR, etc., but not the CPU itself.

Thank you. I've been wondering what they're talking about.
But I thought there might be some other chip that perhaps used to be on the motherboard but might have gotten packaged in with the CPU while I wasn't paying attention. Wasn't there some Chinese chip accused of some such hackery?
 