AMD processors dating back to 2006 are now under scrutiny due to a newly discovered security vulnerability known as ‘Sinkclose,’ which affects hundreds of thousands of devices. Although AMD has initiated updates for its various new models, some older models, like the Ryzen 1000, 2000, and 3000 series and Threadripper 1000 and 2000 chips, are left out.
The Sinkclose vulnerability, as it is being called, poses a severe security risk by allowing attackers to gain access to the system’s kernel, a critical component that manages hardware and system operations.
Exploiting this vulnerability could enable attackers to execute unauthorised commands and take full control of the affected device. The attack vector is particularly sophisticated, typically associated with state-sponsored actors, making it a formidable threat to targeted systems.
As noted by experts, the vulnerability is not universally applicable across all AMD processors. AMD has rolled out patches for several processor families, including its EPYC data centre processors, the latest Threadripper, and Ryzen models.
AMD has prioritised updating its Ryzen Embedded and EPYC Embedded systems, recognising the unique risks associated with these products. Embedded systems often operate continuously with minimal human intervention, making them prime targets for exploitation if left unprotected.
Notably, these security updates also cover the recently released MI300A data centre chips. The company assures that these patches will not impact system performance, though testing is ongoing to confirm this.
While AMD has swiftly addressed the Sinkclose vulnerability in many of its recent processors, it has forgotten about the old ones. The company has confirmed that it has no plans to update certain older models, including the Ryzen 1000, 2000, and 3000 series and the Threadripper 1000 and 2000 models.
“There are some older products that are outside our software support window,” an AMD spokesperson told Tom’s Hardware.
The exclusion of these processors from the security updates raises concerns, particularly among consumers who continue to use these still-popular models. Without a patch, these systems could remain vulnerable to exploitation, especially if the Sinkclose vulnerability becomes more widespread.
Cyber security experts have advised eligible users to update the firmware as soon as possible, even if the likelihood of being targeted by a state-sponsored actor is low. However, the situation is a bit complex for users of older processors. These users have been advised to upgrade to a newer model while employing additional security measures to protect their systems.
Here’s a list of all the AMD chips that are receiving the security patches to mitigate the Sinkclose flaw:
Data Center | Embedded | Desktop | High-End Desktop Computer (HEDT) | Workstation | Mobile |
---|---|---|---|---|---|
1st Gen AMD EPYC (Naples) | AMD EPYC Embedded 3000 | AMD Ryzen 5000 Series (Vermeer/Cezanne) | AMD Ryzen Threadripper 3000 Series (Castle Peak) | AMD Ryzen Threadripper PRO (Castle Peak) | AMD Athlon 3000 Series with Radeon Graphics (Dali/Pollock) |
2nd Gen AMD EPYC (Rome) | AMD EPYC Embedded 7002 | AMD Ryzen 7000 Series (Raphael) X3D | AMD Ryzen Threadripper 7000 Series (Storm Peak) | AMD Ryzen Threadripper PRO 3000WX (Chagall) | AMD Ryzen 3000 Series with Radeon Graphics (Picasso) |
3rd Gen AMD EPYC (Milan/Milan-X) | AMD EPYC Embedded 7003 | AMD Ryzen 4000 Series with Radeon Graphics (Renoir) | AMD Ryzen 4000 Series with Radeon Graphics (Renoir) | ||
4th Gen AMD EPYC (Genoa/Genoa-X/Bergamo/Siena) | AMD EPYC Embedded 9003 | AMD Ryzen 8000 Series with Radeon Graphics (Phoenix) | AMD Ryzen 5000 Series with Radeon Graphics (Cezanne/Barcelo) | ||
AMD Instinct MI300A | AMD Ryzen Embedded R1000 | AMD Ryzen 6000 Series with Radeon Graphics (Rembrandt) | |||
AMD Ryzen Embedded R2000 | AMD Ryzen 7020 Series with Radeon Graphics (Mendocino) | ||||
AMD Ryzen Embedded 5000 | AMD Ryzen 7030 Series with Radeon Graphics (Barcelo-R) | ||||
AMD Ryzen Embedded 7000 | AMD Ryzen 7035 Series with Radeon Graphics (Rembrandt-R) | ||||
AMD Ryzen Embedded V1000 | AMD Ryzen 7040 Series with Radeon Graphics (Phoenix) | ||||
AMD Ryzen Embedded V2000 | AMD Ryzen 7045 Series (Dragon Range) | ||||
AMD Ryzen Embedded V3000 | AMD Ryzen with Radeon Graphics (Hawk Point) |
In the News: Phishing attack unleashes 0bj3ctivity Stealer via Discord links