AMD processors have had a decades-long security vulnerability, nicknamed Sinkclose, that could leave infected PCs virtually unfixable.
IOActive security researchers Enrique Nissim and Krzysztof Okupski have outlined the flaw to Wired ahead of the Defcon hacking conference.
The technique exploits a feature called TClose, which maintains system management memory compatibility with older devices. An attacker can use TClose to trick the code running in system management memory into retrieving compromised data, letting the intruder run malicious code with the same high privilege as the management memory.
Sinkclose not only goes deep into AMD chips, but is “nearly undetectable and nearly unpatchable,” according to Okupski. The only solution involves physically connecting to memory chips using an SPI Flash programmer and wiping the memory clean. If that’s not an option, you might have to get rid of the computer. Wiping storage won’t work.
An attacker would need to get into an operating system’s kernel (its lowest-level code) to infect a PC this way, so casual breaches are unlikely. Kernel-level vulnerabilities aren’t that rare, however, and state-backed hackers are more likely to have the skill and resources needed to get that deep. They could theoretically plant spyware that goes unnoticed even by experts.
AMD acknowledged Sinkclose in a statement to Wired and reiterated how difficult it is to exploit. The company added that it already has “mitigation options” for Epyc and Ryzen CPUs, and that similar protections would be coming to embedded chips “soon.” The list of affected chips covers much of AMD’s lineup from recent years.
It’s not clear how AMD will completely shut down the Sinkclose exploit. And while the IOActive researchers have agreed not to publish example code for several months to provide more time for fixes, there’s a concern that hackers might find the issue on their own. Nissim and Okupski have urged users to patch their systems as quickly as possible.