AMD reveals "super privilege vulnerability", hundreds of millions of devices are at risk

On August 14th, according to GoUpSec, at the 2024 Defcon hacker conference held recently, IOActive researchers from the security company disclosed a serious and difficult-to-fix vulnerability in AMD processors called "inkclose". This vulnerability affects almost all AMD processors released since 2006, with billions of laptops, desktops, and servers facing threats. This vulnerability allows attackers to elevate privileges from ring 0 (operating system kernel) to ring-2, execute malicious code in the processor's highest privilege mode - System Management Mode (SMM), and implant malicious software in the system firmware. The severity of the "Sinkclose" vulnerability is that it allows attackers to bypass the protection mechanism of the System Management Mode, thereby implanting difficult-to-detect and remove malicious software at the firmware level.

AMD has released microcode update patches for multiple latest EPYC data center processors and Ryzen series processors (applicable processor list at the end of the article) to address this vulnerability. However, AMD has decided not to provide patches for some older but still popular processors, such as Ryzen 1000, 2000, and 3000 series processors, and Threadripper 1000 and 2000 series processors. For older processors that cannot obtain patches, users can only take standard security measures, which means that these systems may face higher potential threats.