AMD has confirmed that a serious vulnerability called “Sinkclose” is affecting the processors it’s sold since 2006, which include both consumer CPUs and data center chips. To exploit the flaw, the attacker needs to access the operating system kernel, which isn’t an easy task. However, if successful, the attacker could infiltrate the computer in an undetectable way and carry out malicious operations, such as data theft.
The good news is that this vulnerability has been hidden for 18 years, so it’s likely that no attacker has exploited it until now. AMD has already taken action by releasing updates to address this issue in many of its microprocessors. AMD engineers are distributing these patches through BIOS updates, so it’s important for users to check their motherboard manufacturer’s website and update the BIOS if the Sinkclose patch is already available.
Some AMD Processors Won’t Receive the Patch for Sinkclose
Fortunately, AMD has already released patches for most of its latest processor generations. For consumer CPUs, these patches are available for the following Ryzen chip families: Ryzen 4000 (Renoir), Ryzen 5000 (Vermeer/Cezanne), Ryzen 7000 (Raphael), Ryzen 8000 (Phoenix), Athlon 3000 (Dali/Pollock), Ryzen 3000 (Picasso), Ryzen 4000 (Renoir), Ryzen 5000 (Cezanne/Barcelo), Ryzen 6000 (Rembrandt), Ryzen 7020 (Mendocino), Ryzen 7030 (Barcelo-R), Ryzen 7035 (Rembrandt-R), Ryzen 7040 (Phoenix), Ryzen 7045 (Dragon Range), and Ryzen with Radeon graphics (Hawk Point).
However, AMD has officially announced that it won’t be providing updates for all the processors it’s sold since 2006. Specifically, the Ryzen 1000, 2000, and 3000 series won’t receive a patch for the Sinkclose vulnerability. According to AMD, these CPUs are no longer within the company’s defined support period. This is unfortunate news for many users who still use processors from the Ryzen 2000 and 3000 families. AMD is optimistic that the patch won’t impact computer performance.
In fact, AMD engineers are confident in its effectiveness. It’s worth noting that the company doesn’t include the Ryzen 9000 and Ryzen AI 300 series in the list of processors without updates, possibly because they’re very recent. However, this means that there’s a reasonable expectation that they’ll receive a patch to mitigate any potential vulnerabilities in the future. We’ll provide more information as soon as it becomes available.
This article was written by Juan Carlos López and originally published in Spanish on Xataka.
Image | AMD| Tom's Hardware
Related | Chinese Companies Sanctioned by the U.S. Have a Plan to Keep Buying AI Chips, a Very Creative One
View 0 comments