Security researchers have highlighted a new vulnerability, ‘SinkClose,’ affecting AMD CPUs that allows malicious code execution when exploited. AMD, while addressing the vulnerability, clarifies that it typically impacts ‘seriously breached systems.’
SinkClose Vulnerability Threatens AMD CPUs
Researchers from IOActive discovered a new security flaw affecting AMD processors. They shared the details at the recent Defcon 2024, explaining how the vulnerability, named ‘SinkClose,’ exposes AMD CPUs to code execution attacks. Specifically, the vulnerability affects the AMD chips’ System Management Mode (SMM).
Simply put, SMM is an isolated operating mode in the x86 architecture that the BIOS or firmware uses to perform low-level, system-wide operations, such as power management and hardware control. Since SMM remains inaccessible to the operating system and system applications, code running at this level remains invisible to the hypervisor and OS-level protections.
The privilege escalation vulnerability that IOActive researchers detected in AMD CPUs could allow an adversary to bypass secure boot and modify SMM settings to deploy virtually undetectable malware on the target systems.
Exploiting the flaw requires an adversary to have kernel-level access (Ring 0), which then allows escalation to Ring -2 privileges (SMM). This enables the attacker to modify SMM, a change that would remain invisible to the system’s antivirus programs. Thus, malware deployed this way would persist even after wiping the system drive clean.
This vulnerability has been assigned the CVE ID CVE-2023-31315 and received a high severity rating with a CVSS score of 7.5. The vulnerability description states:
Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.
AMD Released The Patch
In response to the IOActive researchers’ findings, AMD released a detailed advisory acknowledging the vulnerability. The vendor also released separate security fixes for different processors, urging users to patch their systems.
Alongside releasing the patch, AMD also clarified that the threat mainly puts old, vulnerable systems at risk. According to their statement to SecurityWeek:
While the issue only affects seriously breached systems, AMD prioritizes security. We believe our mitigations available today are an appropriate response to the threat.
AMD has released mitigation options for its AMD EPYC™ datacenter products and AMD Ryzen™ PC products.