AMD changes its mind, says it will patch more Ryzen chips against security flaw

News
By
published

Famed Ryzen 3000 will Sinkclose patch after all, AMD confirms.

A render of an AMD Ryzen 7000 laptop APU.
(Image credit: AMD)

AMD has had a change of heart when it comes to patching the Sinkclose vulnerability on Ryzen 3000 desktop chips.

As per the latest update to its SMM Lock Bypass Security Bulletin, the famed silicon will receive an update after all - but other older chips, unfortunately, are still being given the cold shoulder.

It was recently revealed most AMD chips built over the past 18 years are vulnerable to Sinkclose, a critical severity flaw which could allow threat actors to break into the target system - unseen. At the time, the company said that it will be patching newer models, but older ones - especially those who had reached end-of-life - are left for dead, despite some of them being extremely popular among the consumers.

Stealing from the archives

"There are some older products that are outside our software support window,” AMD said at the time, meaning products in the Ryzen 1000, 2000, and 3000 series, as well as the Threadripper 1000 and 2000 models, were being left behind.

On the other end, all generations of AMD's EPYC processors for the data center, the latest Threadripper, and Ryzen processors, as well as the MI300A data center chips, have all been patched.

The Sinkclose vulnerability allows threat actors to run malicious code inside the System Management Mode (SMM) of AMD processors, which is a high-privilege area reserved for critical firmware operations. To be able to exploit the vulnerability, an attacker would first need to compromise the endpoint separately. Fortunately, there is currently no evidence that any malicious actors discovered, or used, this flaw in the past.

The update should arrive on August 20, 2024, meaning by the time this article gets published, the patch should be available for download.

Ryzen Threadripper 3000, Threadripper Pro 3000WX, Zen 2 EPYC (7002), Ryzen 3000 mobile, and Ryzen 3000/4000 APUs have all been patched, already. As things stand now, Zen processors are still being left for dead.

Via Tom's Hardware

More from TechRadar Pro

  • Some of the most iconic AMD chips have a serious security flaw — which the company says it probably won't patch now
  • Here's a list of the best firewall software around today
  • These are the best endpoint security tools right now
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.