Discovery at Def Con
Researchers from IOActive presented a decades-old vulnerability in AMD processors at the Def Con security conference. The vulnerability, designated CVE-2023-31315, affects both the Ryzen and Epyc CPU lines. It could allow an attacker to disable critical memory protections and elevate their access to the firmware level, gaining complete control over the system’s firmware.
Impact on Global Devices
The flaw, named “Sinkclose,” allows malware to deeply infect a computer’s memory and run code in System Management Mode. An admin account can use it to elevate to the firmware level and take complete control of the system’s firmware. The vulnerability dates back to at least 2006 and impacts nearly every AMD chip produced over the last 20 years. Researchers stress the urgency of addressing it, as it undermines the entire system’s security.
The vulnerability is rooted in System Management Mode (SMM), a processor mode in which the OS is not running. Under certain conditions, this mode’s protection can be easily bypassed, even though AMD uses an SMM Lock to prevent local code from accessing SMM. An attacker with ring 0 (admin level) privileges could exploit this flaw to gain “god mode” control over the machine.
🚨 #DataBreach 🚨
A potential data breach at AMD has been detected on a hacking forum: IntelBroker is selling the data.
According to the post, in June 2024, AMD suffered a data breach leading to the compromise of information such as future AMD products, spec sheets, employee… pic.twitter.com/P28SvFt1Eo
— HackManac (@H4ckManac) June 18, 2024
Persistence and Exploit Risks
One of the most daunting aspects of this vulnerability is its potential for establishing persistence on a target machine. The exploit could survive a complete OS reinstallation, so malicious code exploiting this flaw could maintain control of a system indefinitely. That poses a significant threat to corporations, governments, and personal devices alike.
AMD’s Response and Mitigation
AMD has acknowledged the issue and released mitigation options for data center and Ryzen PC products, promising more for embedded products soon. Hardware-level flaws are usually difficult to patch because of their complexity, yet the current AMD patch does not significantly impact CPU performance. AMD strongly urges users and administrators to follow the latest security recommendations and upgrade immediately.
Related Security Breach
In a separate security issue, AMD is investigating a data breach following claims by IntelBroker, who claimed to have stolen sensitive data in June 2024. The breach purportedly includes information on future products, datasheets, employee and customer databases, property files, firmware, source code, and financial documentation.
AMD is currently working with law enforcement and a third-party hosting partner to assess the severity and authenticity of the data involved.
Conclusion
These cybersecurity concerns make it imperative for AMD users to stay updated with security recommendations and patches. Failure to address these vulnerabilities promptly could expose global devices to significant threats including unauthorized access, data breaches, and compromised system integrity.
AMD is now rolling out a fix and says the vulnerability isn't easy to exploit since it requires an attacker to have kernel access. https://t.co/7fp8tEQWe4
— PCMag (@PCMag) August 9, 2024