AMD exposes "super privilege vulnerability", threatening hundreds of millions of devices
On August 14, according to GoUpSec, at the recent Defcon 2024 hacking conference, security firm IOActive researchers disclosed a serious and difficult-to-fix vulnerability in AMD processors called "inkclose". The vulnerability affects almost all AMD processors released since 2006, and hundreds of millions of laptops, desktops, and servers are at risk. This vulnerability allows attackers to elevate privileges from ring 0 (operating system kernel) to ring-2, execute malicious code in the processor's most privileged mode, System Management Mode (SMM), and plant malicious software in the system firmware. " The seriousness of the Sinkclose "vulnerability is that it allows attackers to bypass the protection mechanisms of the system management mode, thereby implanting malicious software at the firmware level that is difficult to detect and remove.
AMD has released microcode update patches for several of the latest EPYC data center processors and Ryzen series processors (list of applicable processors at the end of this article) to address this vulnerability. However, AMD has decided not to provide patches for some older but still popular processors, such as the Ryzen 1000, 2000 and 3000 series processors and the Threadripper 1000 and 2000 series processors. For older processors that cannot be patched, users can only apply standard security measures, which means that these systems may be exposed to higher potential threats.