Skip to main content
  1. Home
  2. Computing
  3. News

Millions of AMD chips are being ignored in major security flaw fix

By
CPU pads on the AMD Ryzen 7 9700X.
Jacob Roach / Digital Trends

Hundreds of millions of AMD CPUs are facing a new vulnerability called Sinkhole. The exploit, which was first reported by Wired, impacts processors dating back to 2006, and it spans nearly all of AMD’s products. That list includes Ryzen, Threadripper, and Epyc CPUs across desktop and mobile, as well as AMD’s data center GPUs. Despite Sinkhole hitting some of AMD’s best processors, only the most recent batch of chips will receive a patch that fixes the vulnerability.

AMD isn’t patching Ryzen 1000, 2000, or 3000 processors, nor is it patching Threadripper 1000 and 2000 CPUs, reports Tom’s Hardware. The company claims that these older CPUs fall outside of its support window, despite the fact that millions are still in use. Still, even the most recent Ryzen 3000 chips were released over five years ago, and it makes sense that AMD would want to focus its support on new chips like the Ryzen 5 9600X and Ryzen 7 9700X.

Recommended Videos

Make no mistake, Sinkhole is a major security flaw. However, it’s not an exploit the vast majority of users need to worry about. Sinkhole, which was discovered by researchers at IOActive, allows attackers to run code in System Management Mode. This operating mode allows close access to the hardware, and it’s where you’ll find firmware running for power management settings, for example. Wired reports that the malware can dig down so deep that it’s easier to discard an infected computer rather than repair it.

Get your weekly teardown of the tech behind PC gaming
Check your inbox!
Privacy Policy

Sounds scary, but an attacker would already need to have deeply infected your PC in order for Sinkhole to play a role. The researchers pointed to something like a bootkit as an example, which runs malicious code before the operating system loads in order to evade antivirus software. AMD says that attackers would already need access to the OS kernel in order for Sinkhole to be on the table. In other words, it would need to be a highly targeted attack on a severely compromised PC. It’s an exploit that should almost never occur on a consumer PC.

Anyone targeted by Sinkhole should get ready for trouble. The researchers say the exploit is so deep that it wouldn’t be picked up antivirus software, regardless of how sophisticated it is, and that malicious code can persist even through a reinstall of the operating system.

AMD has or is going to release a patch for its most recent chips. For consumers, that includes mobile processors dating back to AMD Athlon 3000, and for desktop, we’re talking processors dating back to Ryzen 5000. Although you shouldn’t worry much that Sinkhole will be exploited on your PC, it’s a good idea to patch your processor regardless. AMD says the update won’t come with a performance loss, and a little extra security never hurt anyone.

Editors’ Recommendations

Topics
Jacob Roach
Jacob Roach
Lead Reporter, PC Hardware
Jacob Roach is the lead reporter for PC hardware at Digital Trends. In addition to covering the latest PC components, from…
Intel is finally stepping up on its instability fiasco
Intel Core i5-13600K installed in a motherboard.

Last week, Intel quietly committed to extending the warranty on its 13th-gen and 14th-gen CPUs, but it wouldn't provide details at the time. Now, we know what processors are covered. Intel is extending the warranty on a large range of 13th-gen and 14th-gen CPUs by two years, giving customers a total of five years to file a warranty claim.

From a performance standpoint, Intel's latest 13th-gen and 14th-gen CPUs are among the best processors you can buy, but the chips have been in hot water as of late. A string of instability issues, and a lack of communication from Intel, have eroded trust not only in the CPUs, but also Intel as a brand. The warranty extension is an attempt by Intel to help restore that trust, as the narrative around Intel's instability troubles has only become more intense as time goes on.

Read more
AMD’s new feature doubled my frame rate with a single click
RX 7900 XTX installed in a test bench.

AMD did exactly what I hoped it would do. Its Fluid Motion Frames feature, referred to as AFMF, originally promised a way to add frame generation to virtually any game. There was just one problem -- AFMF was bad. Really bad. Now, AMD is taking another swing at driver-level frame generation with AFMF 2, which works in any game for any of AMD's RX 6000 or RX 7000 graphics cards.

The new version takes a lot of cues from Lossless Scaling, a $7 Steam app that has catapulted in popularity over the past few months due to its ability to add frame generation to any game. AMD is now able to provide a similar level of quality, and with some clear upsides over Lossless Scaling if you own one of AMD's best graphics cards.
What's new here?

Read more
Intel might get slapped with a class-action lawsuit
Intel Core i9-13900K held between fingertips.

The calls for a class-action lawsuit in response to Intel's instability issues with 13th-gen and 14th-gen CPUs are turning into action. The law firm of Abington Cole + Ellery has launched an investigation into a potential class-action lawsuit against Intel, and it has a form on its website for users to submit details if they believe they're an affected party.

The law firm hasn't provided any details on what the class action might entail, but the form asks customers if they've purchased an affected processor or a PC containing one of the affected processors, as well as if they've experienced issues. About a day after posting, the form is currently sitting on top of the r/Intel subreddit, right above a megathread where Intel users can report if they've experienced any instability issues. A user claiming to be a class-action lawyer asked if Intel is honoring return requests, and most responses claim the company is.

Read more