Skip to main content

CSA will never ask you to transfer money or disclose banking details. Stay vigilant.

If unsure, call the 24/7 ScamShield Helpline at 1799 to check. www.scamshield.gov.sg

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. High-Severity Vulnerability in AMD Chips
Alerts

High-Severity Vulnerability in AMD Chips

13 August 2024

AMD has released firmware updates to address a high-severity vulnerability, known as SinkClose (CVE-2023-31315), in their EPYC, Ryzen, and Threadripper processors.

Successful exploitation of this vulnerability could allow attackers with kernel-level access to modify the configuration of System Management Mode (SMM) settings, install bootkits, and potentially perform remote code execution (RCE) attacks. 

The vulnerability affects the following products:

  • EPYC 1st, 2nd, 3rd, and 4th generations

  • EPYC Embedded 3000, 7002, 7003, and 9003, R1000, R2000, 5000, and 7000

  • Ryzen Embedded V1000, V2000, and V3000

  • Ryzen 3000, 5000, 4000, 7000, and 8000 series

  • Ryzen 3000 Mobile, 5000 Mobile, 4000 Mobile, and 7000 Mobile series

  • Ryzen Threadripper 3000 and 7000 series

  • AMD Threadripper PRO (Castle Peak WS SP3, Chagall WS)

  • AMD Athlon 3000 series Mobile (Dali, Pollock)

  • AMD Instinct MI300A

Users and administrators of affected products are advised to update to the latest versions immediately.

More information is available here:

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html

https://www.bleepingcomputer.com/news/security/new-amd-sinkclose-flaw-helps-install-nearly-undetectable-malware/

https://arstechnica.com/security/2024/08/almost-unfixable-sinkclose-bug-affects-hundreds-of-millions-of-amd-cpus/?utm_source=tldrinfosec

Back to top