Skip to content

AMD refuses to patch Sinkclose flaw in older Ryzen and Threadripper chips

  • by
  • 4 min read

AMD processors dating back to 2006 are now under scrutiny due to a newly discovered security vulnerability known as ‘Sinkclose,’ which affects hundreds of thousands of devices. Although AMD has initiated updates for its various new models, some older models, like the Ryzen 1000, 2000, and 3000 series and Threadripper 1000 and 2000 chips, are left out.

The Sinkclose vulnerability, as it is being called, poses a severe security risk by allowing attackers to gain access to the system’s kernel, a critical component that manages hardware and system operations.

Exploiting this vulnerability could enable attackers to execute unauthorised commands and take full control of the affected device. The attack vector is particularly sophisticated, typically associated with state-sponsored actors, making it a formidable threat to targeted systems.

As noted by experts, the vulnerability is not universally applicable across all AMD processors. AMD has rolled out patches for several processor families, including its EPYC data centre processors, the latest Threadripper, and Ryzen models.

AMD has prioritised updating its Ryzen Embedded and EPYC Embedded systems, recognising the unique risks associated with these products. Embedded systems often operate continuously with minimal human intervention, making them prime targets for exploitation if left unprotected.

Notably, these security updates also cover the recently released MI300A data centre chips. The company assures that these patches will not impact system performance, though testing is ongoing to confirm this.

While AMD has swiftly addressed the Sinkclose vulnerability in many of its recent processors, it has forgotten about the old ones. The company has confirmed that it has no plans to update certain older models, including the Ryzen 1000, 2000, and 3000 series and the Threadripper 1000 and 2000 models.

“There are some older products that are outside our software support window,” an AMD spokesperson told Tom’s Hardware.

The exclusion of these processors from the security updates raises concerns, particularly among consumers who continue to use these still-popular models. Without a patch, these systems could remain vulnerable to exploitation, especially if the Sinkclose vulnerability becomes more widespread.

Cyber security experts have advised eligible users to update the firmware as soon as possible, even if the likelihood of being targeted by a state-sponsored actor is low. However, the situation is a bit complex for users of older processors. These users have been advised to upgrade to a newer model while employing additional security measures to protect their systems.

Here’s a list of all the AMD chips that are receiving the security patches to mitigate the Sinkclose flaw:

Data CenterEmbeddedDesktopHigh-End Desktop Computer (HEDT)WorkstationMobile
1st Gen AMD EPYC (Naples)AMD EPYC Embedded 3000AMD Ryzen 5000 Series (Vermeer/Cezanne)AMD Ryzen Threadripper 3000 Series (Castle Peak)AMD Ryzen Threadripper PRO (Castle Peak)AMD Athlon 3000 Series with Radeon Graphics (Dali/Pollock)
2nd Gen AMD EPYC (Rome)AMD EPYC Embedded 7002AMD Ryzen 7000 Series (Raphael) X3DAMD Ryzen Threadripper 7000 Series (Storm Peak)AMD Ryzen Threadripper PRO 3000WX (Chagall)AMD Ryzen 3000 Series with Radeon Graphics (Picasso)
3rd Gen AMD EPYC (Milan/Milan-X)AMD EPYC Embedded 7003AMD Ryzen 4000 Series with Radeon Graphics (Renoir)AMD Ryzen 4000 Series with Radeon Graphics (Renoir)
4th Gen AMD EPYC (Genoa/Genoa-X/Bergamo/Siena)AMD EPYC Embedded 9003AMD Ryzen 8000 Series with Radeon Graphics (Phoenix)AMD Ryzen 5000 Series with Radeon Graphics (Cezanne/Barcelo)
AMD Instinct MI300AAMD Ryzen Embedded R1000AMD Ryzen 6000 Series with Radeon Graphics (Rembrandt)
AMD Ryzen Embedded R2000AMD Ryzen 7020 Series with Radeon Graphics (Mendocino)
AMD Ryzen Embedded 5000AMD Ryzen 7030 Series with Radeon Graphics (Barcelo-R)
AMD Ryzen Embedded 7000AMD Ryzen 7035 Series with Radeon Graphics (Rembrandt-R)
AMD Ryzen Embedded V1000AMD Ryzen 7040 Series with Radeon Graphics (Phoenix)
AMD Ryzen Embedded V2000AMD Ryzen 7045 Series (Dragon Range)
AMD Ryzen Embedded V3000AMD Ryzen with Radeon Graphics (Hawk Point)

In the News: Phishing attack unleashes 0bj3ctivity Stealer via Discord links

Kumar Hemant

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me

>