Source: Pc Gamer, TechPowerUp
Since 2006, a critical security flaw known as “Sinkclose” (CVE-2023-31315) has been identified in all AMD processors, potentially affecting hundreds of millions of devices worldwide.
This vulnerability allows malicious actors to exploit the chip architecture, leading to unauthorized access to sensitive data and allowing access to some of the deepest parts of the chip. Researchers Enrique Nissim and Krzysztof Okupski, from the security firm IOActive, have revealed that the vulnerability can be exploited through various methods, enabling attackers to extract confidential information from affected systems, including passwords and personal data. Attackers could use the flaw to install virtually undetectable malware that is extremely difficult to remove. However, gaining kernel access in the first place is no easy task, and AMD has already begun releasing fixes for some of the affected chips (via Bleeping Computer).
The issue is especially concerning, given that it is present in all AMD CPUs made in the last 18 years and their widespread use in consumer and enterprise environments. However, to exploit this vulnerability, an attacker must possess access to the system’s kernel. Downloading malware-infused files can trigger it, so general safety measures are recommended.
The Sinkclose method exploits a little-known capability in AMD processors called TClose. This name is a blend of “TClose” and “Sinkhole,” referring to a previous vulnerability found in Intel’s System Management Mode in 2015. AMD chips employ a protective mechanism named TSeg, which blocks operating systems from accessing a specific memory area reserved for System Management Mode (SMM), known as System Management Random Access Memory (SMRAM). However, the TClose feature is designed to maintain backward compatibility with older hardware that might use the same memory addresses as SMRAM. It does this by remapping memory when activated. The security experts discovered they could manipulate this TClose remapping function using only standard operating system permissions. By doing so, they could deceive the SMM into retrieving altered data, enabling them to redirect the processor and run their instructions with the high-level privileges of SMM. This technique allows attackers to bypass standard security measures and execute malicious code at one of the most privileged levels of the processor, potentially compromising the entire system.
AMD has released an advisory notice detailing chips that are vulnerable to the attack. To fix the flaw, firmware fixes for BIOS updates are being provided to OEMs. However, Ryzen 3000, 2000, and 1000 series chips will not receive updates, as AMD told Tom’s Hardware that “there are some older products that are outside our software support window.” Many of AMD’s most recent processors have already received updates to remove the vulnerability.