Millions of AMD chips are being ignored in major security flaw fix
A major security flaw impacting hundreds of millions of AMD CPUs is making the rounds, but AMD won't be patching all of the affected processors.
KickT
By Jacob Roach Updated August 12, 2024 6:27AM
Jacob Roach / Digital Trends
Hundreds of millions of AMD CPUs are facing a new vulnerability called Sinkhole. The exploit, which was first reported by Wired, impacts processors dating back to 2006, and it spans nearly all of AMD’s products. That list includes Ryzen, Threadripper, and Epyc CPUs across desktop and mobile, as well as AMD’s data center GPUs. Despite Sinkhole hitting some of AMD’s best processors, only the most recent batch of chips will receive a patch that fixes the vulnerability.
AMD isn’t patching Ryzen 1000, 2000, or 3000 processors, nor is it patching Threadripper 1000 and 2000 CPUs, reports Tom’s Hardware. The company claims that these older CPUs fall outside of its support window, despite the fact that millions are still in use. Still, even the most recent Ryzen 3000 chips were released over five years ago, and it makes sense that AMD would want to focus its support on new chips like the Ryzen 5 9600X and Ryzen 7 9700X.
Make no mistake, Sinkhole is a major security flaw. However, it’s not an exploit the vast majority of users need to worry about. Sinkhole, which was discovered by researchers at IOActive, allows attackers to run code in System Management Mode. This operating mode allows close access to the hardware, and it’s where you’ll find firmware running for power management settings, for example. Wired reports that the malware can dig down so deep that it’s easier to discard an infected computer rather than repair it.
Get your weekly teardown of the tech behind PC gaming
Sounds scary, but an attacker would already need to have deeply infected your PC in order for Sinkhole to play a role. The researchers pointed to something like a bootkit as an example, which runs malicious code before the operating system loads in order to evade antivirus software. AMD says that attackers would already need access to the OS kernel in order for Sinkhole to be on the table. In other words, it would need to be a highly targeted attack on a severely compromised PC. It’s an exploit that should almost never occur on a consumer PC.
Anyone targeted by Sinkhole should get ready for trouble. The researchers say the exploit is so deep that it wouldn’t be picked up antivirus software, regardless of how sophisticated it is, and that malicious code can persist even through a reinstall of the operating system.
AMD has or is going to release a patch for its most recent chips. For consumers, that includes mobile processors dating back to AMD Athlon 3000, and for desktop, we’re talking processors dating back to Ryzen 5000. Although you shouldn’t worry much that Sinkhole will be exploited on your PC, it’s a good idea to patch your processor regardless. AMD says the update won’t come with a performance loss, and a little extra security never hurt anyone.
Jacob Roach is the lead reporter for PC hardware at Digital Trends. In addition to covering the latest PC components, from…
AMD AI rises as its gaming plummets
AMD has reported its Q2 2024 financial results, and they present an interesting narrative of successes and challenges. The company’s gaming hardware, however, is continuing to experience a substantial decline.
Despite an overall 9% year-over-year revenue increase for AMD, the gaming graphics division plummeted by a staggering 59% in the second quarter of 2024, a clear indicator of the difficulties the company is encountering in this highly competitive market.
AMD ripped off my favorite app — and I love it
Just months of releasing AMD Fluid Motion Frames (AFMF), the company revealed the second version of the frame generation feature. Now infused with AI, AFMF 2 promises lower latency, better performance on low-end hardware, and "significant improvements" to image quality. Better yet, you don't have to wait for it. If you have a supported AMD GPU, AFMF 2 is available now through the latest Radeon Software driver.
There's a lot here, and it sounds strikingly similar to what we've seen with Lossless Scaling. I've written about Lossless Scaling in the past, which is a $7 Steam app that can add frame generation to any game. AMD clearly took some pointers from the utility. For starters, it's using a frame generation model that's been trained on machine learning, which Lossless Scaling also includes. Most significantly, AMD now includes a Performance mode to reduce the overhead of the frame generation on low-end hardware -- that's also a key feature of Lossless Scaling.
AMD’s Ryzen 9000 CPUs were delayed for the most ridiculous reason
It came as a shock last week when AMD revealed that it would be delaying its Ryzen 9000 CPUs by up to two weeks. We might have some insight into why AMD made that last-minute decision now. A review posted on BilliBilli shows the Ryzen 7 9700X labeled as a Ryzen 9 9700X -- a typo that also affected the Ryzen 5 7600X, which carried the same Ryzen 9 branding, according to Tom's Hardware.
AMD has yet to confirm why the chips were delayed, outside of an issue with packaging. The range of four CPUs was supposed to arrive on July 31, but AMD is splitting the launch now. The Ryzen 5 9600X and Ryzen 7 9700X are arriving on August 8, while the Ryzen 9 9900X and Ryzen 9 9950X are arriving on August 15. The fact that AMD is splitting up the launch lends some credibility to the idea that the delay was due to a typo on the lower-end models.
![Support for US TikTok Sell-off Is Waning [Infographic]](https://www.socialmediatoday.com/imgproxy/mhbSpq1eZdmPHZ1NLAZFTUJLVWuWpZ__a0ZpOi2uLkw/g:ce/rs:fit:770:435/bG9jYWw6Ly8vZGl2ZWltYWdlL3Rpa3Rva19iYW5fc3VwcG9ydDIucG5n.webp)
