AMD’s Unpatchable Vulnerability: Sinkclose Exposes Millions
Researchers from IOActive have uncovered a critical vulnerability in AMD processors that has persisted for several decades. This vulnerability, named Sinkclose, enables attackers to penetrate the most secure parts of a computer, and its remediation is considered nearly impossible. Experts warn that this issue affects virtually all AMD processors, dating back to 2006, and possibly earlier.
At the Defcon conference, experts Enrique Nissim and Krzysztof Okupski presented the details of this vulnerability. It allows hackers to execute their code in a highly privileged mode of the AMD processor, intended only for the protected part of its firmware. This opens the door to creating malware capable of embedding itself deep within the system and remaining undetected, even after reinstalling the operating system.
To exploit the vulnerability, attackers first need access to the operating system’s kernel. Once that access is obtained, they can install what is known as a “bootkit”: malicious software that antivirus programs cannot detect, that provides full control over the computer, and that persists across reboots. Furthermore, where the security configuration is incorrect, which the researchers say was the case on most of the systems they tested, removing such malware becomes nearly impossible.
Okupski emphasizes that even formatting the hard drive won’t eliminate this threat: “Even if you completely wipe the disk, the malware will remain. It is almost undetectable and virtually indestructible.” The only way to remove such software is to physically open the computer’s case and use specialized equipment to clean the memory.
AMD has acknowledged the existence of this vulnerability and thanked the researchers for their work. The company has already released fixes for some of its products, including the EPYC and Ryzen series processors, and plans to issue updates for other CPU lines soon. However, it remains unclear how AMD intends to fully close this gap, or when it will be accomplished.
The researchers note that despite the challenges in exploiting this vulnerability, skilled hackers, particularly those supported by state actors, may already possess the necessary tools to take advantage of it.
Patches for this vulnerability will be distributed through operating system updates. Users are strongly encouraged to install them as soon as they become available to prevent potential attacks.
In the meantime, AMD has updated its security bulletin page to include a list of chips affected by the Sinkclose vulnerability.