"Sinkclose" Vulnerability Affects Every AMD CPU Dating Back to 2006

[Qwerty101]

This is getting ridiculous!

AMD and Intel both working against the second hand market and product longevity. Completely by accident of course…….

Intel: Your second hand PC might have a faulty CPU, that starts to fail due to mysterious degradation.

AMD: Your second hand PC might be compromised in a stealth mode, where no clean OS reinstall will help you.

 

[R-T-B]

This is getting ridiculous!

AMD and Intel both working against the second hand market and product longevity. Completely by accident of course…….

Intel: Your second hand PC might have a faulty CPU, that starts to fail due to mysterious degradation.

AMD: Your second hand PC might be compromised in a stealth mode, where no clean OS reinstall will help you.

Just install the bios update and forget about it. Seriously. This isn't some grand conspiracy.

Although, it is pretty bad they drop support for 3000 and below, admitedly, but thats an AMD exclusive thing, pretty much...

 

[RJARRRPCGP]

There are Zen2 processors that will get the upgrade

Matisse is Zen 2. So that means lots of chips bought during the very-early pandemic, are considered obsolete now!

Rootkits are not the same as ring -2. They typically cannot survive a reinstall.

Yeah, ones that survive a drive wipe, are a BIOS-rootkit!

 

[Visible Noise]

What people are missing is because of the incompleteness of this article.

This vulnerability - which AMD themselves have rated as high severity - allows undetectable persistence of UEFI malware. Once that occurs it’s throw out the machine time.

 

[RJARRRPCGP]

allows undetectable persistence of UEFI malware. Once that occurs it’s throw out the machine time.

That's what the Coffee Lake-and-earlier CSME bug was, and I have been wondering if just a packet received while connected to the internet, results in a contaminated UEFI-BIOS.
Doesn't affect Comet Lake and later.

The current AMD bug found, only affects ring-0 access.

 

[R-T-B]

That's what the Coffee Lake-and-earlier CSME bug was, and I have been wondering if just a packet received while connected to the internet, results in a contaminated UEFI-BIOS.
Doesn't affect Comet Lake and later.

The current AMD bug found, only affects ring-0 access.

I mean its all bad. Whataboutism serves no one here.

 

[RJARRRPCGP]

Just install the bios update and forget about it.

Warning: BIOS update currently not available for ASRock B550 PG Velocita

 

[Solaris17]

Damn, time to put my 3600+ brisbane to sleep. /salute

 

[Vincero]

Damn, time to put my 3600+ brisbane to sleep. /salute

This does make me think there should be a buy back system in place. People could still buy (as new) Ryzen 3000 series products less than 3 years ago - technically you are still in warranty (brand new unsold items sitting on the shelf still get the same end user warranty period) - if you're not gonna support it then should be forced to offer a buy back.... I bet the support teams will miraculously offer BIOS updates as that little bit of work would cost far less.

AMD have said they probably will not offer updates for R3000 chips but I suspect it's more likely a case of getting little interest from motherboard/system OEM's also, and at the end of the day, nearly every AM4 motherboard would need to have the BIOS updates offered to fix this so why not just roll the patch to cover them also...??
To their credit, Intel did actually do patches for the Spectre/Meltdown CPU microcode all the way back to Nehalem (1st gen Core-i3/5/7 from 2008/2009) but the lazy motherboard manufacturers did nothing for them - I can count on one hand the amount of BIOS updates for systems that old that appeared - in the consumer/enthusiast components mainstream the newest platform I ever saw with BIOS updates for it was Haswell (LGA1150) - anything Ivy Bridge or earlier with patches is pretty rare.

 

[Frick]

Not until you run a command that does and then you get the UAC prompt...

That's the point, I need to tell it.

 

[AusWolf]

The article mentions CVE-2023-31315 vulnerability. According to AMD's website, AGESA 1.2.0.1 will patch it for Ryzen 7000. According to my motherboard's support page, the latest BIOS with AGESA 1.2.0.0a patches CVE-2024-31315. Are these the same thing?

 

[Chrispy_]

Rootkits are not the same as ring -2. They typically cannot survive a reinstall.

Yeah, I think my heavy-handed, scorched earth approach to anything AV can't tackle means that rootkits and ring -2 are identical to me. Both need BIOS reflash and disks secure-erased before a reinstall.

 

[R-T-B]

Yeah, I think my heavy-handed, scorched earth approach to anything AV can't tackle means that rootkits and ring -2 are identical to me. Both need BIOS reflash and disks secure-erased before a reinstall.

At ring -2 you can't even necessarily trust bios reflash. Not unless using a hardware flasher anyways. Its serious suck level stuff.

 

[Visible Noise]

The article mentions CVE-2023-31315 vulnerability. According to AMD's website, AGESA 1.2.0.1 will patch it for Ryzen 7000. According to my motherboard's support page, the latest BIOS with AGESA 1.2.0.0a patches CVE-2024-31315. Are these the same thing?

I think your motherboard support page is wrong, this is a 2023 vulnerability.

Yeah, I think my heavy-handed, scorched earth approach to anything AV can't tackle means that rootkits and ring -2 are identical to me. Both need BIOS reflash and disks secure-erased before a reinstall.

Malware installed this way can survive a reflash. For example that’s how pc anti-theft software works. Reflash, reinstall Windows, and it just gets reinstalled from the protected UEFI region.

A Call to Action: Bolster UEFI Cybersecurity Now | CISA

www.cisa.gov

 

[persondb]

Its 'critical' in terms of direct impact - its impossible to class it based on risk as everyone works differently. For sure the risk is high of someone inadvertently loading it. For those with locked down devices and effective endpoint security, the risk is probably quite low, but the impact wouldn't be any different if it somehow was triggered.

That is why actual security professionals use vector strings to describe the attacks and not 'critical'.

For this one it's:

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Which Translating it means, Attack Vector is Local, Attack Complexity is High, Privileges Required is High, User Interaction is None, Scope is Changed, Confidentiality Impact is High, Integrity Impact is High and Availability Impact is High.

While the attack is hard to execute, the impact of a successful execution is very high which is why it ends up with being a serious threat.

If I am not mistaken, I don`t think there has ever really been a Spectre and Meltdown exploit in the wild too, but everyone rushed to fix those. Spectre allowed you to read any memory at something like kilobytes per second(I don't remember if it could modify it too).

 

[Darmok N Jalad]

Kinda feels like we need a ROM bios with basic recovery features as a fallback, and a secondary flashable BIOS that can be wiped from orbit by the ROM BIOS. Or will that not even work?

 

[remixedcat]

The timing of this whole thing is sus...

Intel hired them to cover up the 1314gate

 

[Vincero]

Kinda feels like we need a ROM bios with basic recovery features as a fallback, and a secondary flashable BIOS that can be wiped from orbit by the ROM BIOS. Or will that not even work?

Yep, it could be done... maybe on a removable chip just in case it needs to be reprogrammed to include new product support, etc...

 

[Visible Noise]

The timing of this whole thing is sus...

Intel hired them to cover up the 1314gate

Can’t tell if serious.

 

[Hecate91]

Kinda feels like we need a ROM bios with basic recovery features as a fallback, and a secondary flashable BIOS that can be wiped from orbit by the ROM BIOS. Or will that not even work?

Having a ROM chip in a socket would be nice also, and I miss when even cheaper boards had dual BIOS. I wonder if dual BIOS would work if the secondary BIOS could only be used with a physical switch.

 

[remixedcat]

Can’t tell if serious.

do you know what's going on w intel right?

Kinda feels like we need a ROM bios with basic recovery features as a fallback, and a secondary flashable BIOS that can be wiped from orbit by the ROM BIOS. Or will that not even work?

dual bios is doable. even routers have that... my meraki has a rapid failover in case the other is corrupted or doesn't boot it boots from the prev version.

The concern for your average user with administrator privileges, which is like 99.9% of home users is very much there.
Especially if they use pirated software or cheat software which makes you turn off your anti virus software
I've even seen legitimate printer drivers trigger antivirus warnings forcing me to turn off protection to be able to install the device.

So, yes it's important this patch gets pushed and I hope it happens automatically trough a windows update or something so tech illiterate's machines get patched too.

ppl should have rejected those anti cheats to begin with they were always a bad idea and people were too desperate to play some games they complied.

 

[Vincero]

The only real issue with removable BIOSimplementations these days would probably revolve around TPM/secure boot, etc.
Arguably, you could have a removable TPM/BIOS chip seeing as both have a 'secure enclave' which could be rewritten via unknown malicious means - if mistakingly removed as long as it's restored back to the board/boot device it would work as normal.

 

[R-T-B]

I don`t think there has ever really been a Spectre and Meltdown exploit in the wild too, but everyone rushed to fix those.

The answer as to why is in the second portion of your sentence.

Meltdown was a shockingly easy form of privledge escalation. The only reason it wasn't exploited more was widespread patching.

 

[Visible Noise]

do you know what's going on w intel right?

So you’re saying Intel had the foresight to leak this vulnerability to a security company back in October, knowing that AMD would announce it right when Intel is releasing voltage patches the following August.

congrats, you’ve left me speechless.

 

[remixedcat]

So you’re saying Intel had the foresight to leak this vulnerability to a security company back in October, knowing that AMD would announce it right when Intel is releasing voltage patches the following August.

congrats, you’ve left me speechless.

The media made the stink about it at the same time