{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2024-075.pdf"
    },
    "title": "Vulnerabilities in AMD CPUs",
    "serial_number": "2024-075",
    "publish_date": "12-08-2024 13:14:34",
    "description": "On August 9, 2024, AMD disclosed a high-severity vulnerability, CVE-2023-31315 (SinkClose), affecting multiple generations of EPYC, Ryzen, and Threadripper processors. The flaw allows attackers with kernel-level access to gain Ring-2 privileges, potentially installing undetectable malware by modifying System Management Mode (SMM) settings.<br>\n",
    "url_title": "2024-075",
    "content_markdown": "---\ntitle: 'Vulnerabilities in AMD CPUs'\nnumber: '2024-075'\nversion: '1.0'\noriginal_date: 'August 9, 2024'\ndate: 'August 12, 2024'\n---\n\n_History:_\n\n* _12/08/2024 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn August 9, 2024, AMD disclosed a high-severity vulnerability, **CVE-2023-31315** (SinkClose), affecting multiple generations of EPYC, Ryzen, and Threadripper processors. The flaw allows attackers with kernel-level access to gain Ring-2 privileges, potentially installing undetectable malware by modifying System Management Mode (SMM) settings [1].\n\n# Technical Details\n\nThe SinkClose vulnerability (CVSS score: 7.5) enables privilege escalation to Ring-2, allowing attackers to modify SMM settings even with SMM Lock enabled. This can disable security features and facilitate persistent, nearly undetectable malware.\n\n# Affected Products\n\nAccording to AMD's advisory, the following models are affected [1]:\n\n- EPYC 1st, 2nd, 3rd, and 4th generations\n- EPYC Embedded 3000, 7002, 7003, and 9003, R1000, R2000, 5000, and 7000\n- Ryzen Embedded V1000, V2000, and V3000\n- Ryzen 3000, 5000, 4000, 7000, and 8000 series\n- Ryzen 3000 Mobile, 5000 Mobile, 4000 Mobile, and 7000 Mobile series\n- Ryzen Threadripper 3000 and 7000 series\n- AMD Threadripper PRO (Castle Peak WS SP3, Chagall WS)\n- AMD Athlon 3000 series Mobile (Dali, Pollock)\n- AMD Instinct MI300A\n\n# Recommendations\n\nCERT-EU recommends applying AMD\u2019s available mitigations immediately [2].\n\n# References\n\n[1] <https://www.bleepingcomputer.com/news/security/new-amd-sinkclose-flaw-helps-install-nearly-undetectable-malware/>\n\n[2] <https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html>",
    "content_html": "<p><em>History:</em></p><ul><li><em>12/08/2024 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On August 9, 2024, AMD disclosed a high-severity vulnerability, <strong>CVE-2023-31315</strong> (SinkClose), affecting multiple generations of EPYC, Ryzen, and Threadripper processors. The flaw allows attackers with kernel-level access to gain Ring-2 privileges, potentially installing undetectable malware by modifying System Management Mode (SMM) settings [1].</p><h2 id=\"technical-details\">Technical Details</h2><p>The SinkClose vulnerability (CVSS score: 7.5) enables privilege escalation to Ring-2, allowing attackers to modify SMM settings even with SMM Lock enabled. This can disable security features and facilitate persistent, nearly undetectable malware.</p><h2 id=\"affected-products\">Affected Products</h2><p>According to AMD's advisory, the following models are affected [1]:</p><ul><li>EPYC 1st, 2nd, 3rd, and 4th generations</li><li>EPYC Embedded 3000, 7002, 7003, and 9003, R1000, R2000, 5000, and 7000</li><li>Ryzen Embedded V1000, V2000, and V3000</li><li>Ryzen 3000, 5000, 4000, 7000, and 8000 series</li><li>Ryzen 3000 Mobile, 5000 Mobile, 4000 Mobile, and 7000 Mobile series</li><li>Ryzen Threadripper 3000 and 7000 series</li><li>AMD Threadripper PRO (Castle Peak WS SP3, Chagall WS)</li><li>AMD Athlon 3000 series Mobile (Dali, Pollock)</li><li>AMD Instinct MI300A</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>CERT-EU recommends applying AMD\u2019s available mitigations immediately [2].</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.bleepingcomputer.com/news/security/new-amd-sinkclose-flaw-helps-install-nearly-undetectable-malware/\">https://www.bleepingcomputer.com/news/security/new-amd-sinkclose-flaw-helps-install-nearly-undetectable-malware/</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html\">https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}