1 month ago
38
Gigabyte published an advisory stating it will release the new BIOS with the latest AGESA containing the 'Sinkclose' vulnerability patch for many of its AMD motherboards in succession by the end of August. The flaw exclusively affected the entire line of AMD processors released since 2006, requiring a wide range of CPUs to be updated with a new firmware containing the required AGESA microcode.
Considering the potential of this flaw and the release of the much-needed AGESA patches, it's a norm for other motherboard makers to release the patched BIOS quickly once the AGESA patch is out. It's safe to speculate since hackers did not exploit this for 18 years, it's unlikely users would need to be concerned until they receive the BIOS for their AMD motherboards. That said, end users must update the respective motherboard BIOS once it is released. Since many motherboard makers like Gigabyte have included tools to flash BIOS quickly, it will not be difficult for most.
Only three days ago, AMD decided to patch the Sinkclose vulnerability on its Ryzen 3000 series desktop process, coming close to patching all the CPUs released since 2006. The company did assure at an earlier date that there is no impact expected once the new AGESA-included BIOS are installed on respective motherboards. The following chipsets are the ones that will be patched, along with their BIOS AGESA versions:
Swipe to scroll horizontally
| AM5 600 series | AMD AGESA 1.2.0.1 for Ryzen 8000/ 7000-series Processors |
| AM4 500/ 400/ 300 series | AMD AGESA 1.2.0.Cb for Ryzen 5000/ 5000G/ 4000G-series Processors AMD AGESA 1.2.0.Cc for Ryzen 3000-series Processors |
| sTRX4 TRX40 series | AMD AGESA 1.0.0.B for Ryzen Threadripper 3000-series Processors |
| sTR5 TRX50 series | AMD AGESA 1.1.0.0f for Ryzen Threadripper PRO 7000/ Ryzen Threadripper 7000-series Processors |
As a quick recap, the Sinkclose vulnerability allows the hacker to gain access to the AMD processor's System Management mode, allowing them to exploit the system's kernel provided the system is already affected by another attack. Though this is difficult, due to the wide range of AMD processors sold since 2006, this puts many users at potential risk.
Researchers have detected many such risks earlier, who then responsibly warn the public and inform the company with the necessary details. Some mitigations have performance loss to a certain extent after the patch. Many security researchers have done this for all chipmakers over the years, which has helped countless users. Naturally, the solution would need to come from the chipmaker, who then ships it to a partnered motherboard maker.
Since they're not on the BIOS deployment plan, we've contacted AMD to clarify whether the latest Ryzen 9000 and Ryzen AI 300 processors were patched before their release. However, the chipmaker hasn't responded to our inquiry.
:quality(85):upscale()/2024/10/17/848/n/1922729/9dece426671163b35dcb11.60305022_.jpg)
English (US) ·