AMD Exclusive … Bootkit. Meet Sinkclose.

The Bastard Offspring Of Sinkhole And TClose
Sadly backwards compatibility has struck again, this time with an attack leveraging AMD’s TClose feature, which is designed to ensure compatibility with ancient devices that use the same memory addresses as SMRAM. TClose has remained mostly because of System Management Mode (SMM), which lets your UEFI talk with the TPM, automatically shut down an overheating CPU, provide USB legacy support and handle a variety of other system functions that run before the OS wakes up. SMM has existed since 386 systems were a thing, and if not properly implemented and secured it can be leveraged to infect a machine in such a way as to make it almost impossible to fix.
Almost every AMD chip, EPYC and consumer alike, could be vulnerable to Sinkclose if left unpatched. Many AMD platforms already have Platform Initialization firmware updates available, though there is a delay for many embedded EPYC solutions. The good news, such as it is, is that an attacker has to have already gained access to the OS kernel on a machine to be able to use Sinkclose and trick the system into executing malicious code at the highly privileged SMM level. This is sadly not impossible to achieve, but it does limit the ability of nefarious actors to leverage the exploit; regardless, you should patch as soon as possible.
If a system is infected, the only solution apart from tossing the motherboard is to grab an SPI flash programmer, connect it to the flash memory on the motherboard and meticulously scrub the contents.
“I think it's the most complex bug I've ever exploited,” says Okupski.
More Tech News From Around The Web
- Raptor Lake microcode limits Intel chips to a mere 1.55 volts to prevent CPU destruction @ The Register
- Microsoft: Windows 11 22H2 reaches end of support in 60 days @ Bleeping Computer
- What’s going on with AMD funding a CUDA translation layer, then nuking it? @ The Register
- Hackers leak 2.7 billion data records with Social Security numbers @ Bleeping Computer
- TT Show Episode 46 – Ryzen 9000 Series CPU reviews and NVIDIA’s AI training scandal