Several chips manufactured by AMD over the past 18 years are vulnerable to Sinkclose, a critical severity flaw that could allow malicious actors to enter the target system, basically unseen.
While the chipmaker has already released a fix for some of the newer models, older ones, including some of the flagship products, will not receive any treatment.
This is because they have reached the end of their useful life and as such are not eligible for any kind of support, despite being super popular with consumers.
Ryzen 9000 not listed
“There are some older products that are outside our software support window,” AMD said. Tom's Hardware Store in a statement, meaning that Ryzen 1000, 2000 and 3000 series products, as well as Threadripper 1000 and 2000 models, will be left behind.
On the other hand, all generations of AMD EPYC data center processors, the latest Threadripper and Ryzen processors, as well as the MI300A data center chips have been patched.
AMD added that it does not expect the patches to impact chip performance, meaning the company does not yet know for sure what the effects of the fix will be; the full list of supported chips can be found at This link.
It's also worth mentioning that the latest Ryzen 9000 and Ryzen AI 300 series processors are not included in the list, which could mean that these weren't vulnerable in the first place.
The Sinkclose vulnerability allows threat actors to execute malicious code within the System Management Mode (SMM) of AMD processors, which is an elevated privilege area reserved for critical firmware operations. In order to exploit the vulnerability, an attacker would first have to compromise the endpoint separately.
Fortunately, there is currently no evidence that any malicious actor has discovered or used this flaw in the past.
Through Tom's Hardware Store