AMD is now warning of a security vulnerability affecting a large number of processors released nearly 20 years ago that has remained undiscovered, writes sleeping computer.
The vulnerability is called Sink Close and allows code to run in the processor's System Management Mode (SMM), which is used to manage critical system functions, even when SMM Lock is enabled.
To exploit the vulnerability, an attacker must first gain access to the computer's kernel, which runs at the highest privilege level of the operating system, called Ring 0. SinkClose allows anyone who has already reached Ring 0 to delve deeper into the system to a level called Ring -2.
Once malware is installed at this level, it becomes undetectable and remains hidden even if the operating system is reinstalled.
AMD has Published information About the models in the danger zone. The list includes several generations of EPYC, Ryzen, Threadripper and Athlon processors.
Security updates have already been released for EPYC and Ryzen processors used in desktops and laptops. Additional firmware updates are planned, according to AMD.
However, the one thing worth noting is that it says “no fix planned” under AMD Ryzen 3000.
More Stories
EA President Talks New Dragon Age: 'A Return to What Made Bioware Great'
She thought she had bought a phone – she was shocked by its contents
Rumor: Lots of AI in Google's Pixel 10 and 11 cameras