August 9th, 2024

SinkClose flaw impacts AMD EPYC and Ryzen CPUs, helps gain Ring -2 privileges

AMD's SinkClose vulnerability (CVE-2023-31315) affects EPYC, Ryzen, and Threadripper processors, allowing an attacker who already holds kernel privileges to escalate to Ring -2 (System Management Mode). Disclosed after going undetected for nearly 20 years; mitigations are available, but the risk remains from advanced attackers who can obtain kernel-level access.


AMD has identified a high-severity vulnerability known as SinkClose, tracked as CVE-2023-31315, affecting its EPYC, Ryzen, and Threadripper processors. The flaw allows an attacker who already has kernel-level (Ring 0) access to escalate to Ring -2, the privilege level of System Management Mode (SMM), from which malware can be installed that is nearly invisible to the operating system and the security tools running under it. The flaw reportedly went unnoticed for nearly 20 years and affects a wide range of AMD chip models.

SMM handles critical low-level platform operations and is meant to be isolated from the operating system: firmware configures it at boot and then sets a lock that is supposed to make the SMM configuration read-only for the rest of the session. SinkClose permits modifications to SMM settings despite that lock, which lets an attacker run code in SMM, potentially disable security features, and install malware that persists across reboots.

AMD has released mitigations for affected EPYC and Ryzen CPUs, with updates for embedded models forthcoming. Exploitation requires kernel-level access, which is a high bar in practice, so the flaw is a post-compromise persistence and evasion primitive rather than an initial-access vector. Even so, it poses a significant risk from advanced persistent threat actors and sophisticated cybercriminals, and it underlines the ongoing concern that kernel-level access gained in a targeted attack can be converted into firmware-level control.

- AMD's SinkClose vulnerability allows escalation from kernel-level to Ring -2 privileges.

- The flaw affects multiple generations of AMD processors, including EPYC and Ryzen models.

- SinkClose has remained undetected for nearly 20 years, posing a significant security risk.

- AMD has issued mitigations, but further updates for embedded CPUs are still pending.

- Exploitation requires kernel-level access, making it challenging but not impossible for sophisticated attackers.
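The description above, and the AMD advisory sentence quoted in the comments below (improper validation in an MSR lets a ring-0 program modify SMM configuration while the SMI lock is enabled), boils down to one design invariant: every register that influences what SMM executes must be gated by the same sticky lock bit, and a single register left outside that gate is a full bypass. The following C program is an added example written for this page to model that invariant; it is not AMD's hardware or microcode, not the advisory's code, and not the researchers' exploit. The register names (REG_SMM_LOCK, REG_SMM_BASE, REG_SMM_CFG), the values, and the `cpu_model` struct are hypothetical, and the "flawed" write path is a deliberately partial lock check standing in for the improper validation the advisory describes.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical register model (illustrative names, not AMD's MSR numbers). */
#define REG_SMM_LOCK 0x01u  /* sticky "SMI lock": once set, SMM config is read-only */
#define REG_SMM_BASE 0x02u  /* where the SMM handler lives */
#define REG_SMM_CFG  0x03u  /* mask/close-style configuration of the SMM region */

struct cpu_model {
    bool     smm_lock;  /* set by firmware before handing control to the OS */
    uint64_t smm_base;
    uint64_t smm_cfg;
};

enum wr_result { WR_OK = 0, WR_GP_FAULT = -1 };

/* Flawed write path: only the base register is checked against the lock,
 * so the configuration register can still be modified after locking.
 * This stands in for "improper validation in a model specific register". */
static int wrmsr_flawed(struct cpu_model *c, unsigned reg, uint64_t val)
{
    switch (reg) {
    case REG_SMM_LOCK:
        c->smm_lock = c->smm_lock || (val & 1);  /* sticky: cannot be cleared */
        return WR_OK;
    case REG_SMM_BASE:
        if (c->smm_lock) return WR_GP_FAULT;
        c->smm_base = val;
        return WR_OK;
    case REG_SMM_CFG:
        c->smm_cfg = val;                        /* BUG: lock never consulted */
        return WR_OK;
    }
    return WR_GP_FAULT;
}

/* Hardened write path: every register that shapes SMM is behind the lock. */
static int wrmsr_hardened(struct cpu_model *c, unsigned reg, uint64_t val)
{
    switch (reg) {
    case REG_SMM_LOCK:
        c->smm_lock = c->smm_lock || (val & 1);
        return WR_OK;
    case REG_SMM_BASE:
    case REG_SMM_CFG:
        if (c->smm_lock) return WR_GP_FAULT;
        if (reg == REG_SMM_BASE) c->smm_base = val; else c->smm_cfg = val;
        return WR_OK;
    }
    return WR_GP_FAULT;
}

static uint64_t rdmsr_model(const struct cpu_model *c, unsigned reg)
{
    switch (reg) {
    case REG_SMM_LOCK: return c->smm_lock;
    case REG_SMM_BASE: return c->smm_base;
    case REG_SMM_CFG:  return c->smm_cfg;
    }
    return 0;
}

/* Firmware-style boot: configure SMM, then set the lock (constructed values). */
static struct cpu_model boot_and_lock(int (*wr)(struct cpu_model *, unsigned, uint64_t))
{
    struct cpu_model c = {0};
    wr(&c, REG_SMM_BASE, 0x7e000000);
    wr(&c, REG_SMM_CFG,  0xffff0000);
    wr(&c, REG_SMM_LOCK, 1);
    return c;
}

/* Ring-0 attempt to change an SMM register after the lock is set.
 * Returns true if the value changed, i.e. the lock failed to protect it. */
static bool ring0_can_alter(int (*wr)(struct cpu_model *, unsigned, uint64_t), unsigned reg)
{
    struct cpu_model c = boot_and_lock(wr);
    uint64_t before = rdmsr_model(&c, reg);
    wr(&c, reg, before ^ 0x1000);
    return rdmsr_model(&c, reg) != before;
}

/* The lock itself must be sticky: a ring-0 write of 0 must not clear it. */
static bool lock_cannot_be_cleared(int (*wr)(struct cpu_model *, unsigned, uint64_t))
{
    struct cpu_model c = boot_and_lock(wr);
    wr(&c, REG_SMM_LOCK, 0);
    return c.smm_lock;
}

int main(void)
{
    printf("flawed   : ring0 alters locked SMM base=%d cfg=%d\n",
           ring0_can_alter(wrmsr_flawed, REG_SMM_BASE),
           ring0_can_alter(wrmsr_flawed, REG_SMM_CFG));
    printf("hardened : ring0 alters locked SMM base=%d cfg=%d\n",
           ring0_can_alter(wrmsr_hardened, REG_SMM_BASE),
           ring0_can_alter(wrmsr_hardened, REG_SMM_CFG));
    return 0;
}
```

The point of the model is that the base register being locked gives a false sense of safety: in the flawed path the lock holds for `REG_SMM_BASE` and is sticky, yet `REG_SMM_CFG` is still writable from ring 0, and on real silicon a writable SMM configuration register is enough to redirect what runs at Ring -2. The hardened path treats the set of SMM-shaping registers as one unit behind the lock, which is the property a platform should verify, not merely that a lock bit reads as set.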

4 comments
By @Ristovski - 5 months
For those wondering what the exact attack vector is, the AMD advisory has some details:

> Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution. [0]

[0]: https://www.amd.com/en/resources/product-security/bulletin/a...

By @yencabulator - 5 months