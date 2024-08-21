AMD has had a change of heart when it comes to patching the Sinkclose vulnerability on Ryzen 3000 desktop chips.

As per the latest update to its SMM Lock Bypass Security Bulletin, the famed silicon will receive an update after all - but other older chips, unfortunately, are still being given the cold shoulder.

It was recently revealed most AMD chips built over the past 18 years are vulnerable to Sinkclose, a critical severity flaw which could allow threat actors to break into the target system - unseen. At the time, the company said that it will be patching newer models, but older ones - especially those who had reached end-of-life - are left for dead, despite some of them being extremely popular among the consumers.

Stealing from the archives

"There are some older products that are outside our software support window,” AMD said at the time, meaning products in the Ryzen 1000, 2000, and 3000 series, as well as the Threadripper 1000 and 2000 models, were being left behind.

On the other end, all generations of AMD's EPYC processors for the data center, the latest Threadripper, and Ryzen processors, as well as the MI300A data center chips, have all been patched.

The Sinkclose vulnerability allows threat actors to run malicious code inside the System Management Mode (SMM) of AMD processors, which is a high-privilege area reserved for critical firmware operations. To be able to exploit the vulnerability, an attacker would first need to compromise the endpoint separately. Fortunately, there is currently no evidence that any malicious actors discovered, or used, this flaw in the past.

The update should arrive on August 20, 2024, meaning by the time this article gets published, the patch should be available for download.

Ryzen Threadripper 3000, Threadripper Pro 3000WX, Zen 2 EPYC (7002), Ryzen 3000 mobile, and Ryzen 3000/4000 APUs have all been patched, already. As things stand now, Zen processors are still being left for dead.

Via Tom's Hardware

