Skip to main content
  1. Home
  2. Computing
  3. News

Millions of AMD chips are being ignored in major security flaw fix

By
CPU pads on the AMD Ryzen 7 9700X.
Jacob Roach / Digital Trends

Hundreds of millions of AMD CPUs are facing a new vulnerability called Sinkhole. The exploit, which was first reported by Wired, impacts processors dating back to 2006, and it spans nearly all of AMD’s products. That list includes Ryzen, Threadripper, and Epyc CPUs across desktop and mobile, as well as AMD’s data center GPUs. Despite Sinkhole hitting some of AMD’s best processors, only the most recent batch of chips will receive a patch that fixes the vulnerability.

AMD isn’t patching Ryzen 1000, 2000, or 3000 processors, nor is it patching Threadripper 1000 and 2000 CPUs, reports Tom’s Hardware. The company claims that these older CPUs fall outside of its support window, despite the fact that millions are still in use. Still, even the most recent Ryzen 3000 chips were released over five years ago, and it makes sense that AMD would want to focus its support on new chips like the Ryzen 5 9600X and Ryzen 7 9700X.

Recommended Videos

Make no mistake, Sinkhole is a major security flaw. However, it’s not an exploit the vast majority of users need to worry about. Sinkhole, which was discovered by researchers at IOActive, allows attackers to run code in System Management Mode. This operating mode allows close access to the hardware, and it’s where you’ll find firmware running for power management settings, for example. Wired reports that the malware can dig down so deep that it’s easier to discard an infected computer rather than repair it.

Get your weekly teardown of the tech behind PC gaming
Check your inbox!
Privacy Policy

Sounds scary, but an attacker would already need to have deeply infected your PC in order for Sinkhole to play a role. The researchers pointed to something like a bootkit as an example, which runs malicious code before the operating system loads in order to evade antivirus software. AMD says that attackers would already need access to the OS kernel in order for Sinkhole to be on the table. In other words, it would need to be a highly targeted attack on a severely compromised PC. It’s an exploit that should almost never occur on a consumer PC.

Related

Anyone targeted by Sinkhole should get ready for trouble. The researchers say the exploit is so deep that it wouldn’t be picked up antivirus software, regardless of how sophisticated it is, and that malicious code can persist even through a reinstall of the operating system.

AMD has or is going to release a patch for its most recent chips. For consumers, that includes mobile processors dating back to AMD Athlon 3000, and for desktop, we’re talking processors dating back to Ryzen 5000. Although you shouldn’t worry much that Sinkhole will be exploited on your PC, it’s a good idea to patch your processor regardless. AMD says the update won’t come with a performance loss, and a little extra security never hurt anyone.

Editors’ Recommendations

Topics
Jacob Roach
Jacob Roach
Lead Reporter, PC Hardware
Jacob Roach is the lead reporter for PC hardware at Digital Trends. In addition to covering the latest PC components, from…
A ‘revolutionary’ Turbo Mode promises up to 35% faster gaming on Ryzen chips
The Ryzen 9 9950X socketed in a motherboard.

Ryzen 9000 hasn't been the surefire hit AMD fans were hoping for. Enthusiasts are still waiting for the X3D chip in the line, but Gigabyte has already announced a new X3D Turbo Mode for its motherboards that supposedly delivers between 20% and 35% better gaming performance.

Gigabyte calls it a "revolutionary BIOS feature" that's designed to improve performance for X870E, X870, and 600 series motherboards that can boost the Ryzen 7000X3D and Ryzen 9000 series processors.

Read more
Pour one out — AMD is reportedly sunsetting the Ryzen 7 5800X3D
Someone holding the Ryzen 7 5800X3D in a red light.

The Ryzen 7 5800X3D is a certified legend, sitting among the best processors you can buy several years after its release. It was the swan song for the AM4 socket and Zen 3 architecture, and it debuted AMD's 3D V-Cache that has turned gaming CPUs on their heads. But it looks like the processor is finally meeting its end.

AMD hasn't said anything official, but PCGamesHardware went as far as to say that "the Ryzen 7 5800X3D is dead," and it's easy to see why. PCGamesHardware is a German outlet, and in that region of the world, the Ryzen 7 5800X3D isn't available. The same is true in the U.S. The processor isn't available on Amazon, and on Newegg, I found one third-party seller shipping the CPU from Israel for $500. It should go without saying at this point, but $500 is way too much for the Ryzen 7 5800X3D in 2024.

Read more
The launch of the Ryzen 7 9800X3D feels very close — and it might disappoint
AMD's Ryzen 9 7950X3D sitting in the box.

We may not talk about feelings much when discussing the best processors, but a mountain of leaks and rumors have been swirling about AMD's upcoming Ryzen 7 9800X3D -- and they're becoming too big to ignore. The most recent development is a post on the Chiphell forum (via Wccftech) that claims the processor will be announced on October 25, with a release in the first week of November.

On its own, this isn't anything too exciting. We see claims about hardware launches all the time, but the past two weeks have been riddled with murmurs about what is undoubtedly AMD's most-anticipated CPU this generation. Just a few days ago, a leaked slide from an internal MSI presentation pitted the Ryzen 7 9800X3D against last-gen's Ryzen 7 7800X3D, and showed anywhere from a 2% to 13% improvement. The slides were originally shared by HardwareLuxx, but the post was removed, suggesting the images were probably real (VideoCardz has the images archived).

Read more