Menu

Blog

Aug 11, 2024

New AMD SinkClose flaw helps install nearly undetectable malware

Posted by in category: cybercrime/malcode

AMD is warning about a high-severity CPU vulnerability named SinkClose that impacts multiple generations of its EPYC, Ryzen, and Threadripper processors. The vulnerability allows attackers with Kernel-level (Ring 0) privileges to gain Ring-2 privileges and install malware that becomes nearly undetectable.

Ring-2 is one of the highest privilege levels on a computer, running above Ring-1 (used for hypervisors and CPU virtualization) and Ring 0, which is the privilege level used by an operating system’s Kernel.

The Ring-2 privilege level is associated with modern CPUs’ System Management Mode (SMM) feature. SMM handles power management, hardware control, security, and other low-level operations required for system stability.

Leave a reply