The Register: AMD reverses course: Ryzen 3000 CPUs will get SinkClose patch after all

Source URL: https://www.theregister.com/2024/08/20/amd_sinkclose_ryzen_3000/
Source: The Register
Title: AMD reverses course: Ryzen 3000 CPUs will get SinkClose patch after all

Feedly Summary: Still no love for 1000- or 2000-series
In an apparent reversal, AMD has decided that its Ryzen 3000-series processors released in 2019 are actually worth patching against the recently disclosed SinkClose vulnerability.…

AI Summary and Description: Yes

Summary: AMD has decided to patch its Ryzen 3000-series processors against the SinkClose vulnerability, which affects a wide range of AMD processors. This decision reflects feedback from the community and emphasizes the need for continuous security support for older hardware despite their age.

Detailed Description:
The text discusses AMD’s response to a recently disclosed vulnerability, CVE-2023-31315, known as SinkClose, which impacts most AMD processors dating back to 2006. Key points include:

– **Vulnerability Overview**:
– The SinkClose vulnerability allows malicious users who have gained kernel access to execute code in System Management Mode (SMM), effectively bypassing the operating system’s defenses. This can lead to deeper system compromises.
– The vulnerability received a CVSS score of 7.5, indicating a significant security risk primarily for systems already compromised.

– **AMD’s Initial and Revised Actions**:
– Originally, AMD planned to patch only certain CPUs, with the Ryzen 3000-series being excluded from the updates.
– Following community backlash and feedback, AMD revised their advisory to include the Ryzen 3000-series as eligible for patches, indicating the chip’s relevance and demand in the market.
– Patches are provided through BIOS updates and microcode updates, essential for maintaining system security integrity.

– **Implications for Security**:
– The decision to patch these processors underscores the importance of ongoing security maintenance, especially for hardware that remains in use.
– Users of affected CPUs can minimize exploitation risks by practicing safe computing habits, like avoiding dubious downloads and regularly updating their operating systems.

– **Consumer and Community Impact**:
– AMD’s choice suggests they are responsive to user concerns, highlighting the pressure from the community for ethical practices in hardware security.
– The patching decision may influence consumer trust and brand loyalty moving forward.

This scenario illustrates how manufacturers must balance product lifecycle management with security obligations, significantly impacting infrastructure security practices.