Why it matters: In response to the recently uncovered Sinkclose vulnerability, AMD is rolling out updates for its newer processor models, leaving many consumers unhappy as several relatively recent chips have been excluded. It may be time for a broader discussion on whether tech companies should extend their support for legacy products, especially when they remain popular among users. If nothing else, companies might need to reconsider these policies to maintain consumer trust and brand loyalty.
In light of the recently disclosed Sinkclose vulnerability, AMD is releasing updates to address the issue across several processor families. These updates include all generations of EPYC processors, as well as the latest Threadripper and Ryzen processors.
Older models, such as the Ryzen 1000, 2000, and 3000 series, as well as the Threadripper 1000 and 2000, will not receive updates as they fall outside AMD's software support window. Interestingly, although the Ryzen 9000 and Ryzen AI 300 series processors are newly released, they are not listed for updates, suggesting the vulnerability may have been addressed during manufacturing.
AMD's approach to software support is a standard practice in the tech industry to efficiently manage resources and focus on newer products. Despite this, many consumers are disappointed with AMD's decision, particularly since some affected processors, like the Ryzen 3000 series, are relatively recent and still widely used.
The Sinkclose vulnerability was discovered by IOActive researchers Enrique Nissim and Krzysztof Okupski, who shared their findings at the Def Con conference. The flaw has likely existed undetected for many years, allowing attackers to exploit a highly privileged mode in AMD processors called System Management Mode. This mode is reserved for critical firmware operations, making the flaw particularly dangerous. Exploiting it requires kernel-level access, which is difficult but possible.
AMD says that there is no expected performance impact from the updates, though performance tests are ongoing to fully assess the impact on system performance.
For users whose AMD processors are not receiving a patch for the Sinkclose vulnerability, options are limited. Upgrading to a newer, supported processor is one possibility.
However, before taking that step, conduct a risk assessment of the threat. The Sinkclose vulnerability is more of a concern for high-value targets like governments or large organizations, as exploiting it requires significant system access, which is not typically a concern for average users.
Nonetheless, ensuring that your operating system and all software are up to date is crucial in general, as well as in response to this particular threat. Being vigilant about who has access to your system is also important. Preventing unauthorized access is key, given that exploiting the vulnerability requires kernel-level access.