Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Members of public are advised to stay vigilant and not follow any instructions given by these scammers. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. High-Severity Vulnerability in AMD Chips
Alerts

High-Severity Vulnerability in AMD Chips

13 August 2024

AMD has released firmware updates to address a high-severity vulnerability, known as SinkClose (CVE-2023-31315), in their EPYC, Ryzen, and Threadripper processors.

Successful exploitation of this vulnerability could allow attackers with kernel-level access to modify the configuration of System Management Mode (SMM) settings, install bootkits, and potentially perform remote code execution (RCE) attacks. 

The vulnerability affects the following products:

  • EPYC 1st, 2nd, 3rd, and 4th generations

  • EPYC Embedded 3000, 7002, 7003, and 9003, R1000, R2000, 5000, and 7000

  • Ryzen Embedded V1000, V2000, and V3000

  • Ryzen 3000, 5000, 4000, 7000, and 8000 series

  • Ryzen 3000 Mobile, 5000 Mobile, 4000 Mobile, and 7000 Mobile series

  • Ryzen Threadripper 3000 and 7000 series

  • AMD Threadripper PRO (Castle Peak WS SP3, Chagall WS)

  • AMD Athlon 3000 series Mobile (Dali, Pollock)

  • AMD Instinct MI300A

Users and administrators of affected products are advised to update to the latest versions immediately.

More information is available here:

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html

https://www.bleepingcomputer.com/news/security/new-amd-sinkclose-flaw-helps-install-nearly-undetectable-malware/

https://arstechnica.com/security/2024/08/almost-unfixable-sinkclose-bug-affects-hundreds-of-millions-of-amd-cpus/?utm_source=tldrinfosec