Security News > 2024 > August > AMD won’t patch Sinkclose security bug on older Zen CPUs

The bug allows malicious software and rogue privileged users with access to the operating system kernel to run code in System Management Mode, a highly privileged execution environment present in x86 processors from Intel and AMD. SinkClose is unique to AMD. SMM sits below the kernel and hypervisor, as well as applications, in that the management mode has unrestricted access to and control of the machine.

ZenHammer comes down on AMD Zen 2 and 3 systems Apple, AMD, Qualcomm GPU security hole lets miscreants snoop on AI training and chats What's going on with AMD funding a CUDA translation layer, then nuking it? AMD's latest desktop CPUs feature lower prices yet again as Intel readies a fightback.

The Register understands AMD considers models it won't patch as having exited support.

If you're wondering if that means AMD's Zen and Zen+ desktop CPUs aren't getting patched, the fact that the chipmaker says there is "No fix planned" for vulnerable Zen 2-based Ryzen 3000 desktop CPUs codenamed "Matisse" should clear up any doubts.

Earlier this year, AMD patched CVE-2023-20577 on Ryzen 3000 desktop CPUs; AMD's decision to not patch Sinkclose on the very same processors may mark the end of security updates for the processors.

The Register has asked AMD to clarify if Ryzen 1000 and 2000 desktop CPUs are vulnerable, and why it's decided to not patch Ryzen 3000 chips.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/08/13/amd_sinkclose_patches/