August 11th, 2024

Almost unfixable "Sinkclose" bug affects AMD chips

Researchers discovered a major security vulnerability in AMD processors, named "Sinkclose," affecting millions of chips since 2006, allowing undetectable malware installation and posing severe risks to system security.

Researchers have identified a significant security vulnerability in AMD processors, termed "Sinkclose," which affects hundreds of millions of chips dating back to 2006. This flaw allows attackers to gain access to System Management Mode (SMM), a highly privileged area of the processor's firmware, enabling them to install undetectable malware, known as a "bootkit." The vulnerability is particularly concerning because it can persist even after operating system reinstalls, making it difficult to eradicate. Exploiting Sinkclose requires prior access to the system's kernel, but the researchers argue that sophisticated hackers, including state-sponsored actors, could leverage existing kernel exploits to gain this access. AMD has acknowledged the issue and has released mitigation options for some of its products, but details on comprehensive fixes remain unclear. The researchers emphasize the urgency for users to apply available patches, as the vulnerability poses a severe risk to system security. They also noted that the Sinkclose technique exploits a feature in AMD chips called TClose, which allows for compatibility with older devices but inadvertently opens a pathway for exploitation. The researchers plan to present their findings at the Defcon hacker conference, highlighting the need for immediate attention to this critical security flaw.

- A significant vulnerability in AMD processors, called Sinkclose, affects millions of chips.

- The flaw allows undetectable malware installation, posing severe security risks.

- Exploiting Sinkclose requires kernel access, but sophisticated hackers may already have methods to achieve this.

- AMD has released some mitigations but lacks comprehensive fixes for all affected products.

- Users are urged to apply patches promptly to protect their systems from potential attacks.

2 comments
By @vrighter - 5 months
but only if you're already really really heavily compromised
By @vsgherzi - 5 months
not true, a microcode patch was posted