AMD's 'Sinkclose' Flaw: A Decades-Old Vulnerability Threatens Millions of Processors

BigGo Editorial Team

Security researchers have uncovered a critical vulnerability in AMD processors that could allow attackers to gain deep, persistent access to affected systems. Dubbed 'Sinkclose', this flaw has existed in AMD chips since at least 2006, potentially impacting hundreds of millions of devices.

The Sinkclose Vulnerability

Discovered by IOActive researchers Enrique Nissim and Krzysztof Okupski, Sinkclose exploits a feature called TClose in AMD processors. This vulnerability allows attackers to execute malicious code in the highly privileged System Management Mode (SMM), bypassing normal security measures.

Key points about Sinkclose:

  • Affects virtually all AMD processors since 2006
  • Allows installation of hard-to-detect bootkit malware
  • Can persist even after operating system reinstallation
  • Particularly dangerous on systems with improperly implemented Platform Secure Boot

Experts discuss the impact of the Sinkclose vulnerability on AMD processors at a technology event

Exploitation and Impact

While exploiting Sinkclose requires initial kernel-level access, the researchers warn that such access is not uncommon for sophisticated attackers. Once leveraged, Sinkclose enables:

  • Deep system infiltration
  • Evasion of antivirus detection
  • Persistent access that survives OS reinstalls

In severe cases, completely discarding an infected machine may be easier than attempting to remove the malware.

AMD's Response

AMD has acknowledged the vulnerability and has begun releasing patches:

  • Mitigation options available for EPYC datacenter and Ryzen PC products
  • Patches for embedded products coming soon
  • Full list of affected products available on AMD's security bulletin page

Recommendations

Users and system administrators should:

  1. Apply patches as soon as they become available
  2. Be aware that Linux and embedded systems may require manual updates
  3. Monitor for any unusual system behavior

While Sinkclose requires significant expertise to exploit, its potential impact makes prompt patching crucial for maintaining system security.

The discovery of Sinkclose highlights the ongoing importance of hardware-level security research, even in processors that have been in use for nearly two decades.