AMD changes its mind, says it will patch more Ryzen chips for security vulnerabilities

August 21, 2024

0 189 1 minute read

AMD changes its mind, says it will patch more Ryzen chips for security vulnerabilities

AMD has changed its mind when it comes to patching the Sinkclose vulnerability on Ryzen 3000 desktop chips.

According to the latest update of the SMM Lock Bypass Security Bulletin, the famous chip is getting an update after all, but other, older chips are unfortunately still being ignored.

It was recently revealed that most AMD chips built over the past 18 years are vulnerable to Sinkclose, a serious flaw that could allow malicious actors to compromise target systems undetected. At the time, the company said it would patch newer models, but older models – particularly those that had reached the end of their lifespan – are being left for dead, despite some of them being extremely popular with consumers.

Theft from the archives

“There are a number of older products that are outside of our software support window,” AMD said at the time, meaning products in the Ryzen 1000, 2000 and 3000 series, as well as the Threadripper 1000 and 2000 models, were left behind.

On the other hand, all generations of AMD’s EPYC data center processors, the latest Threadripper and Ryzen processors, and the MI300A data center chips have all been patched.

The Sinkclose vulnerability allows malicious actors to execute malicious code in the System Management Mode (SMM) of AMD processors, a high-privilege area reserved for critical firmware operations. To exploit the vulnerability, an attacker would first have to independently compromise the endpoint. Fortunately, there is currently no evidence that malicious actors have discovered or used this flaw in the past.

The update is expected to be available on August 20, 2024. That means the patch should be available to download by the time this article is published.

Sign up to the TechRadar Pro newsletter and receive the key news, opinion, features and advice your business needs to succeed!

Ryzen Threadripper 3000, Threadripper Pro 3000WX, Zen 2 EPYC (7002), Ryzen 3000 mobile and Ryzen 3000/4000 APUs have all been patched already. As it stands, Zen processors are still being left for dead.

Via Tom’s Hardware

More from TechRadar Pro

Some of AMD’s most iconic chips have a serious security hole that the company is now unlikely to patch

Here is a list of the best firewall software out there today

These are the best endpoint security tools right now