'Sinkclose' vulnerability discovered in post-2006 AMD chips could pose a critical threat to data security

[Redaktion]

A critical vulnerability, Sinkclose, has been discovered in AMD processors. The flaw allows attackers to gain near-total control of affected systems. While AMD is working on patches, users are urged to update their systems immediately to mitigate risks of data theft, system takeover, espionage, and possible infrastructure disruption.

https://www.notebookcheck.net/Sinkclose-vulnerability-discovered-in-post-2006-AMD-chips-could-pose-a-critical-threat-to-data-security.874189.0.html

[GeorgeS]

Surprisingly... if you believe the description, this is a complete fiasco of AMD and BIOS manufacturers, as well as motherboard manufacturers, but there is complete silence in the thread... =)

Gee I actually own 2 AMD powered products... :(

So while Team Blue has TWO generations of CPU's that can 'self destruct' Team Red has ALL their CPU's from 200x on that can be INFECTED and made USELESS!?!?!?

So where are all the AMD Fanboi's now?

Do you really think ANYONE wants to get NEAR an AMD powered device now?

LOL!

[ghkion]

So while Team Blue has TWO generations of CPU's that can 'self destruct' Team Red has ALL their CPU's from 200x on that can be INFECTED and made USELESS!?!?!?

I'm sure both are hugely exaggerated by rival's marketing department. I don't see 13th and 14th gen failing left and right and there's zero cases of this vulnerability being used.

To exploit it one already needs a kernel ring 0 access, so you already can do anything to the system. The only addition is this can inject a nasty code that user can't get rid of, seemingly can't remove it even with OS reinstall and BIOS re-flash. Conspiracy theory - another disclosed special services factory backdoor. Easy to believe after Snowden reports.
And obligatory shoutout to gamers letting "anti-cheat" software run in ring 0.

[hugh mungus]

NikoB once again spewing paragraphs of unrelated drivel simply because they are too uneducated and unintelligent to know  any better. I bet they have no idea how to disable PSP or ME because they're that much of a low tier script kiddie.

[erting]

Moron (or NB bot), I am an old system programmer with a huge experience and you are not even worth my fingernail in terms of real competence, outlook and mentality in comparison with me. You idiot can not oppose anything or simply refuted by facts, because you are an ordinary stupid philistine of which 99% are here.

Everyone knows you are a liar and technically illiterate. Google SMRAM before posting next time.

[NikoB-+-]

The only addition is this can inject a nasty code that user can't get rid of, seemingly can't remove it even with OS reinstall and BIOS re-flash.

This is just complete technical nonsense, designed for stupid laymen. If an exploit is able to penetrate NVRAM or even flash into EPROM, then there is always the same opportunity to remove it from there without a programmer.

The funniest thing is that the EPROM chip in principle should not accept patched firmware that does not have a digital signature of the BIOS (motherboard) manufacturer. And where do hackers get private parts of the digital signature? Stole from motherboard and laptop manufacturers?

If this method bypasses even the digital signature check, this purely indicates a bookmark for second-level special services, since the first level is AMD PSP/Intel ME itself, which is not documented anywhere.

In principle, if you look at all x86 since 2006, you are NOT the owner of your PC/laptop, for a banal reason - on each motherboard (except for those that are clearly going to government agencies with an indication to disable PSP/ME) a ??PSP/ME coprocessor is installed, which allows you to completely control your property remotely by unknown means at the whim of the manufacturer and the special services of countries dedicated to its details to the end.

We have all been living in a digital concentration camp for a long time. However, most stupid ordinary people have long been fish in an aquarium voluntarily with their smartphones - which are ideal spy probes. The horror of the situation is that the "fish" do not even understand, due to the mentality imposed on them from above since childhood - that they are in an "aquarium" controlled from above, and those who are above, above the laws and rules ...