Hidden Flaw in Aging Chips Threatens Devices Worldwide

computer chip

Discovery at Def Con

Researchers from IOActive presented a decades-old vulnerability in AMD processors at the Def Con security conference. This vulnerability, designated CVE-2023-31315, affects both the Ryzen and Epyc CPU lines. It could potentially allow an attacker to disable critical memory protections, elevating their access to the firmware level and gaining complete control over the system’s firmware.

Impact on Global Devices

The flaw, named “Sinkclose,” allows malware to deeply infect a computer’s memory and run code in System Management Mode. The flaw allows an admin account to elevate to the firmware level, giving complete control over the system’s firmware. This alarming vulnerability dates back to at least 2006 and impacts nearly every AMD chip produced over the last 20 years. Researchers stress the urgency of addressing this vulnerability, as it undermines the entire system’s security.

The vulnerability is rooted in System Management Mode (SMM), where the OS is not running. Under certain conditions, this mode’s protection can be easily bypassed, even though AMD uses an SMM Lock to prevent local code from accessing SMM. An attacker with ring 0 (admin level) privileges could exploit this flaw to gain “god mode” control over the machine.

Persistence and Exploit Risks

One of the most daunting aspects of this vulnerability is its potential for establishing persistence on a target machine. The exploit could survive a complete OS reinstallation. Malicious code exploiting this flaw could thus maintain control of a system indefinitely, posing a significant threat to corporations and governments, and our personal devices as well.

AMD’s Response and Mitigation

AMD has acknowledged the issue and released mitigation options for data center and Ryzen PC products, promising more for embedded products soon. The complexity of hardware-level flaws usually makes them difficult to patch, yet the current AMD patch does not significantly impact CPU performance. AMD strongly urges users and administrators to upgrade immediately to the latest security recommendations.

Related Security Breach

In a tandem security issue, AMD is investigating a data breach following claims by IntelBroker, who declared having stolen sensitive data in June 2024. The breach purportedly includes information on future products, datasheets, employee and customer databases, property files, firmware, source code, and financial documentation.

AMD is currently working with law enforcement and a third-party hosting partner to assess the severity and authenticity of the data involved.

Conclusion

These cybersecurity concerns make it imperative for AMD users to stay updated with security recommendations and patches. Failure to address these vulnerabilities promptly could expose global devices to significant threats including unauthorized access, data breaches, and compromised system integrity.