AMD’s EPYC and Ryzen chips are currently exposed to a new vulnerability called “Sinkclose,” which could affect millions of CPUs around the world.
The Sinkclose vulnerability targets critical parts of AMD Ryzen and EPYC CPUs, making data theft and code injection seamless for intruders.
A vulnerability surfacing in a mainstream CPU is not a big deal in itself, considering that malicious individuals try to create backdoors in all sorts of ways, whether through a bug in computer code or some other weakness that can be exploited to steal data. However, the new Sinkclose vulnerability is said to have been present in AMD CPUs for over a decade, and it will be disclosed at the Defcon hacker conference by researchers from security firm IOActive.
So what is Sinkclose? According to a report from WIRED, the vulnerability could allow intruders to execute malicious code while an AMD CPU is in “System Management Mode,” a highly privileged mode that holds firmware essential to the system's operation.
But to inject the code, a hacker would first need to gain “deep access to an AMD-based PC or server.” To gain control of the system, intruders can use malware known as a bootkit, which antivirus tools cannot detect and which compromises the system’s security.
Imagine a nation-state hacker or someone trying to break into your system – you wipe the drive and it’s still there – nearly impossible to detect and nearly impossible to patch.
– Krzysztof Okupski (via WIRED)
To mitigate the issue, users would need to physically open up their computers and connect a hardware-based programming tool called an SPI flash programmer, which makes things complicated for regular consumers. Fortunately, AMD acknowledged the existence of the vulnerability and thanked the researchers for keeping Sinkclose from the public.

In response, the company released a new security bulletin addressing the vulnerability, along with an extensive list of affected processors. The list includes Ryzen 3000 and above processors, as well as first-generation EPYC and above server CPUs. AMD has also provided firmware and microcode patches to mitigate the impact on various generations of CPUs. Mitigations are available across the Ryzen and EPYC families, with the only family still without one being the older Ryzen 3000 desktop family, which is based on the Zen 2 core architecture.

So it’s fair to say that AMD has identified the core issue. However, there is still a lot to be done, especially when it comes to mitigating the vulnerabilities through BIOS updates. For the average consumer, there is no need to worry for now. We will let you know once AMD releases a new BIOS update that covers all issues.