Contact Info

Atlas Cloud LLC 600 Cleveland Street Suite 348 Clearwater, FL 33755 USA

[email protected]

Client Area
Recommended Services
Supported Scripts
WordPress
Hubspot
Joomla
Drupal
Wix
Shopify
Magento
Typeo3

AMD has issued security patches to tackle the “Sinkclose” vulnerability impacting its processors, however, some of its older but widely-used chips will not be patched. This vulnerability, revealed by IOActive security researchers, affects processors going back to 2006 and could permit attackers to compromise systems without detection.

AMD has made mitigation options available for many of its newer processors, such as all EPYC data center processor generations, the newest models of Threadripper, and Ryzen processors. However, the company will not provide these updates for its older Ryzen 1000, 2000, and 3000 series processors or the Threadripper 1000 and 2000 models.

These older processors, which are still used by numerous consumers, will remain unprotected. The decision to not update older chips poses questions about the security of systems that continue to operate with these processors.

“Neglecting to update older processors with the ‘Sinkclose’ patch could harm AMD’s customer trust and loyalty,” mentioned Arjun Chauhan, a senior analyst at Everest Group. “Enterprises that rely on these well-established chips might feel overlooked, leading to discontent and potentially pushing them towards competitors who provide more extensive support lifecycles.”

AMD’s new Ryzen 9000 and Ryzen AI 300 series processors, recently launched, are not mentioned in the current security update list. It is speculated that these chips might already be immune to the vulnerability right from manufacturing.

AMD suggests that owners of their older processor generations should follow regular security measures. However, without specific patches, these systems might be more susceptible to threats. The “Sinkclose” exploit, requiring kernel access, is normally linked to advanced, often state-backed, cyber attackers, and calls for increased user vigilance.

“Those older unpatched AMD processors, which are highly susceptible, present a significant concern for enterprises,” commented Chauhan. “The vulnerability’s persistence through operating system reinstalls and its ability to circumvent conventional security frameworks jeopardize critical data and the overall system integrity. It potentially undermines Secure Boot and other critical security setups, leading to major operational issues, data violations, and elevated maintenance expenses for businesses.”

Despite the severity of the threat, Neil Shah, VP at Counterpoint Research, notes that exploiting this vulnerability requires kernel-level system access, which is not readily achievable except by highly skilled hackers. Thus, the immediate risk is deemed low.

“This should give AMD some plan to strategize and offer some upgrade solutions with OEM and channel partners for systems where it might not be technically feasible or viable to offer a firmware patch,” he said.

The vulnerability, termed AMD Sinkclose by IOActive, is classified as high severity. It enables a privilege escalation from ring 0 (the OS kernel) to ring -2, the most privileged execution level on a computer.

Though the bug was there in the AMD chips for over a decade, it has not been exploited yet, or at least there is no “report” of such incidents. However, its discovery opens up the playground for the bad actors. To make things worse, the company is not offering patches for all the vulnerable systems.

This perception of inadequate security support could result in negative press and erode AMD’s standing in the market, especially when AMD is making significant progress with its cost-effective confidential computing capable processors,” said Chauhan.

“Furthermore,” Chauhan emphasized, “should unaddressed vulnerabilities in AMD products lead to substantial harm, especially within Europe, the company might face legal consequences. It’s crucial for AMD to maintain open communication and perhaps provide remedies to those impacted.”

“Moreover,” added Chauhan, “persisting with these processors could pose compliance issues and considerable economic repercussions stemming from potential security breaches. Without updates, these systems remain vulnerable to advanced attacks, threatening sustained damage.”

The dynamic nature of cybersecurity underscores the difficulties AMD faces in securing its extensive and varied line of products, particularly as outdated equipment continues to be utilized.


Welcome to DediRock, your trusted partner in high-performance hosting solutions. At DediRock, we specialize in providing dedicated servers, VPS hosting, and cloud services tailored to meet the unique needs of businesses and individuals alike. Our mission is to deliver reliable, scalable, and secure hosting solutions that empower our clients to achieve their digital goals. With a commitment to exceptional customer support, cutting-edge technology, and robust infrastructure, DediRock stands out as a leader in the hosting industry. Join us and experience the difference that dedicated service and unwavering reliability can make for your online presence. Launch our website.

Share this Post
0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x