AMD has changed its mind when it comes to patching the Sinkclose vulnerability in Ryzen 3000 desktop chips.
According to the latest update to its SMM Lock Bypass Security Bulletin, the famous silicon will be getting an update after all, but other older chips are sadly still getting the cold shoulder.
It was recently revealed that most AMD chips manufactured in the last 18 years are vulnerable to Sinkclose, a critical severity flaw that could allow threat actors to enter the target system undetected. At the time, the company said it would patch newer models, but that older ones, especially those that had reached the end of their lifespan, are presumed dead, despite some of them being extremely popular with consumers.
Theft of files
“There are some older products that are outside of our software support window,” AMD said at the time, meaning Ryzen 1000, 2000 and 3000 series products, as well as Threadripper 1000 and 2000 models, were being left behind.
On the other hand, all generations of AMD EPYC data center processors, the latest Threadripper and Ryzen processors, as well as the MI300A data center chips have been patched.
The Sinkclose vulnerability allows malicious actors to execute malicious code within the system management mode (SMM) of AMD processors, which is a high-privilege area reserved for critical firmware operations. In order to exploit the vulnerability, an attacker would first have to compromise the endpoint separately. Fortunately, there is currently no evidence that malicious actors have discovered or used this flaw in the past.
The update is expected to arrive on August 20, 2024, which means that by the time this article is published, the patch should be available for download.
Ryzen Threadripper 3000, Threadripper Pro 3000WX, Zen 2 EPYC (7002), Ryzen 3000 mobile, and Ryzen 3000/4000 APU processors have already received patches. For now, Zen processors are still considered useless.
Through Tom's Hardware Store
More from TechRadar Pro
- Some of AMD's most iconic chips have a serious security flaw, which the company says it probably won't fix for now
- Here is a list of the best firewall software out there right now
- These are the best endpoint security tools right now