Sinkclose
| CVE identifier | CVE-2023-31315 |
|---|---|
| CVSS score | Base 7.1 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
| Date discovered | Publicly disclosed August 9, 2024 |
| Affected hardware | AMD processors since 2006 |
Sinkclose is a security vulnerability in certain AMD microprocessors dating back to 2006 that was made public by IOActive security researchers on August 9, 2024.[1] IOActive researchers Enrique Nissim and Krzysztof Okupski presented their findings at the 2024 DEF CON security conference in Las Vegas[2] in a talk titled "AMD Sinkclose: Universal Ring-2 Privilege Escalation".
AMD said it would patch all affected Zen-based Ryzen, Epyc and Threadripper processors but initially omitted Ryzen 3000 desktop processors. AMD followed up and said the patch would be available for them as well.[3] AMD said the patches would be released on August 20, 2024.
Mechanism
[edit | edit source]Sinkclose affects the System Management Mode (SMM) of AMD processors. It can only be exploited by first compromising the operating system kernel.[1][2] Once the exploit is effected, it is possible to avoid detection by antivirus software and even compromise a system after the operating system has been re-installed.
References
[edit | edit source]- ^ a b Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ a b Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).