News Gigabyte details BIOS roll-out plan to neutralize Sinkclose vulnerability — eligible AMD CPUs should be patched by end of the month

[Admin]

Gigabyte has confirmed that it will release the latest BIOS for AMD CPUs containing new AGESA microcode to mitigate the Sinkclose vulnerability, and the process will be completed by the end of August.

Gigabyte details BIOS roll-out plan to neutralize Sinkclose vulnerability — eligible AMD CPUs should be patched by end of the month : Read more

 

[NinoPino]

@Author there is a typo in : "... on its Ryzen 3000 series desktop process, ..."

 

[Alvar "Miles" Udell]

The new BIOS should confirm the existence of a R5 5500X3D, since I find it difficult to believe AMD would require yet another BIOS release after this one to support it.

https://www.tomshardware.com/pc-com...ble-3d-v-cache-cpu-yet-socket-am4-rides-again

 

[ThisIsMe]

“It's safe to speculate since hackers did not exploit this for 18 years, it's unlikely users would need to be concerned until they receive the BIOS for their AMD motherboards.”

To be realistic and honest, it’s never safe to speculate. That sounds pessimistic, but if you’re going to give advice in a news article then be sure it’s realistic considering there is no way of proving it’s correctness. That said, no one has said it has not been exploited in 18 years, so to say otherwise is beyond the realm of speculation.

The only known is that It hasn’t been publicly disclosed that it has been exploited. Also, by the time the patches roll out and the number of patched systems reaches a significant percentage, there could be plenty of time for many systems to be exploited.

Beyond that, the used AMD processor market is basically a mine field now. No way to know if you’re buying a CPU that isn’t patched, or worse, buying one that is already infected. Since there is no real way to fix it once it is infected and the only way to know if it is would be through external monitoring. Imagine state funded programs buying up CPU’s and reselling them once they’ve been exploited. Rough times ahead.

 

[jp7189]

“It's safe to speculate since hackers did not exploit this for 18 years, it's unlikely users would need to be concerned until they receive the BIOS for their AMD motherboards.”

To be realistic and honest, it’s never safe to speculate. That sounds pessimistic, but if you’re going to give advice in a news article then be sure it’s realistic considering there is no way of proving it’s correctness. That said, no one has said it has not been exploited in 18 years, so to say otherwise is beyond the realm of speculation.

The only known is that It hasn’t been publicly disclosed that it has been exploited. Also, by the time the patches roll out and the number of patched systems reaches a significant percentage, there could be plenty of time for many systems to be exploited.

Beyond that, the used AMD processor market is basically a mine field now. No way to know if you’re buying a CPU that isn’t patched, or worse, buying one that is already infected. Since there is no real way to fix it once it is infected and the only way to know if it is would be through external monitoring. Imagine state funded programs buying up CPU’s and reselling them once they’ve been exploited. Rough times ahead.

Completely agree with what you've said. Since it's so hard to detect, it's likewise hard to know if this has been exploited.

 

[Roland Of Gilead]

there could be plenty of time for many systems to be exploited.

Well, yeah, there's time But to exploit this, the system already has to be compromised, so that the attacker can use the exploit to gain access to the kernel, both of which are pretty hard to do.

 

[Giroro]

I updated from AGESA 1.2.0.3b (2021) to the recent security update for CVE-2024-36877 on my MSI/X570/5900X System. I thought this was for Sinkclose. Looking at it now, maybe that was added one version earlier.

Either way, the update gave me a massive memory leak in premiere pro, and I was never able to find stable memory OC settings - even at severely reduced speeds to a previously stable OC. The memory leak was still a problem even at stock settings. I think the system was no longer able to correctly free-up used memory, and premiere just uses a lot of memory in a way to make that noticable.
I rolled back to AGESA 1.2.0.B and things seem better, if anybody else is finding themselves with new stability issues, can't open certain premiere files, or are running out of memory at weird times.

 

[Psiboy69]

Gigabyte took 6 months to roll out the last big AMD security fix. AMD published the agesa in December and gigabyte have is the BIOS based on it in July. They really are pathetically slow given how important these updates are. They are making Asus support look good. 🤣

 

[schwaggins]

I updated from AGESA 1.2.0.3b (2021) to the recent security update for CVE-2024-36877 on my MSI/X570/5900X System. I thought this was for Sinkclose. Looking at it now, maybe that was added one version earlier.

Either way, the update gave me a massive memory leak in premiere pro, and I was never able to find stable memory OC settings - even at severely reduced speeds to a previously stable OC. The memory leak was still a problem even at stock settings. I think the system was no longer able to correctly free-up used memory, and premiere just uses a lot of memory in a way to make that noticable.
I rolled back to AGESA 1.2.0.B and things seem better, if anybody else is finding themselves with new stability issues, can't open certain premiere files, or are running out of memory at weird times.

Thanks for the warning I'll wait until the next update.

 

[Giroro]

Thanks for the warning I'll wait until the next update.

The Gigabyte update might be ok, since I don't know if it was an issue with that MSI specific patch. Just keep an eye on your memory stability if you do update.