Millions of Systems Running AMD Ryzen & EPYC CPUs Affected By “Sinkclose” Vulnerability, Mitigations Already Rolled Out

AMD's EPYC & Ryzen chips are now exposed to a new vulnerability called "Sinkclose," which could potentially affect millions of CPUs worldwide.

The Sinkclose Vulnerability "Attacks" A Critical Part of The AMD Ryzen & EPYC CPUs, Making Data Theft & Code Insertion Seamless For Intruders

Vulnerabilities surfacing up in mainstream CPUs aren't a big deal at all, given that individuals with malicious intent out there try every possible way to obtain a backdoor, whether it is through a bug present within the computer code or some exposure on which the hackers leverage and then try to steal your data. However, the new Sinkclose vulnerability is said to have been present in AMD CPUs for more than a decade now, & it looks to be public at the Defcon hacker conference by individuals from the security firm IOActive.

Related Story MSI’s AM5 Exclusive Memory Try It & High-Efficiency Mode BIOS Feature Boost AMD Ryzen 9000 CPU Gaming Performance By Up To 10%

So, what is Sinkclose? Well, according to a report from WIRED, the vulnerability allows intruders to run their malicious code on AMD's CPUs when they are in "System Management Mode," which is a sensitive mode that contains crucial firmware files for operations.

However, to insert a piece of code, hackers must obtain "deep access to an AMD-based PC or server." To achieve control over your systems, the intruders can utilize a malware called bootkit, which is undetectable by anti-viruses and does the job of compromising the security of your systems.

To mitigate the problem, users would need to physically open the computer and connect a hardware-based programming tool known as an SPI Flash programmer, which makes the problem a bit complex for a general consumer. Fortunately, AMD has acknowledged the existence of the vulnerability and has thanked the researchers for getting the Sink closed to the public.

In response, the firm has released a new security bulletin addressing the vulnerability and has released an extensive list of