Skip to main content
  1. Home
  2. Computing
  3. News

Millions of AMD chips are being ignored in major security flaw fix

By
CPU pads on the AMD Ryzen 7 9700X.
Jacob Roach / Digital Trends

Hundreds of millions of AMD CPUs are facing a new vulnerability called Sinkhole. The exploit, which was first reported by Wired, impacts processors dating back to 2006, and it spans nearly all of AMD’s products. That list includes Ryzen, Threadripper, and Epyc CPUs across desktop and mobile, as well as AMD’s data center GPUs. Despite Sinkhole hitting some of AMD’s best processors, only the most recent batch of chips will receive a patch that fixes the vulnerability.

AMD isn’t patching Ryzen 1000, 2000, or 3000 processors, nor is it patching Threadripper 1000 and 2000 CPUs, reports Tom’s Hardware. The company claims that these older CPUs fall outside of its support window, despite the fact that millions are still in use. Still, even the most recent Ryzen 3000 chips were released over five years ago, and it makes sense that AMD would want to focus its support on new chips like the Ryzen 5 9600X and Ryzen 7 9700X.

Recommended Videos

Make no mistake, Sinkhole is a major security flaw. However, it’s not an exploit the vast majority of users need to worry about. Sinkhole, which was discovered by researchers at IOActive, allows attackers to run code in System Management Mode. This operating mode allows close access to the hardware, and it’s where you’ll find firmware running for power management settings, for example. Wired reports that the malware can dig down so deep that it’s easier to discard an infected computer rather than repair it.

Get your weekly teardown of the tech behind PC gaming
Check your inbox!
Privacy Policy

Sounds scary, but an attacker would already need to have deeply infected your PC in order for Sinkhole to play a role. The researchers pointed to something like a bootkit as an example, which runs malicious code before the operating system loads in order to evade antivirus software. AMD says that attackers would already need access to the OS kernel in order for Sinkhole to be on the table. In other words, it would need to be a highly targeted attack on a severely compromised PC. It’s an exploit that should almost never occur on a consumer PC.

Anyone targeted by Sinkhole should get ready for trouble. The researchers say the exploit is so deep that it wouldn’t be picked up antivirus software, regardless of how sophisticated it is, and that malicious code can persist even through a reinstall of the operating system.

AMD has or is going to release a patch for its most recent chips. For consumers, that includes mobile processors dating back to AMD Athlon 3000, and for desktop, we’re talking processors dating back to Ryzen 5000. Although you shouldn’t worry much that Sinkhole will be exploited on your PC, it’s a good idea to patch your processor regardless. AMD says the update won’t come with a performance loss, and a little extra security never hurt anyone.

Editors’ Recommendations

Topics
Jacob Roach
Jacob Roach
Lead Reporter, PC Hardware
Jacob Roach is the lead reporter for PC hardware at Digital Trends. In addition to covering the latest PC components, from…
Your AMD Ryzen CPU is about 10% slower than it should be
The AMD Ryzen 7 9700X installed in a motherboard.

AMD's Zen 5 CPUs haven't been able to impress in gaming, showing only small generational improvements -- but there are still some free frame rates to be won here. According to a comprehensive set of gaming benchmarks, a new Windows Update might be all that it takes to improve the performance of AMD's best processors, and this includes Zen 4 CPUs, too.

Earlier this month, Hardware Unboxed revealed that AMD's latest CPUs might be missing out on some frames per second (fps) in games due to a Windows bug. Switching to an Admin account (which is a little harder than it seems to be) fixed the problem, boosting both Zen 4 and Zen 5 CPUs by a considerable amount. AMD also hinted that this might be the issue behind Zen 5's lackluster performance, although it also blamed other factors, such as using different test suites or not running on Admin mode.

Read more
I tested the Ryzen 9 9950X against the Ryzen 7 7800X3D, and I was shocked by the results
The Ryzen 9 9950X socketed in a motherboard.

If we're going strictly by the numbers, the Ryzen 9 9950X is the best processor you can buy. It tops performance charts almost across the board, as you can read in our Ryzen 9 9950X and Ryzen 9 9900X review. In practice, the CPU isn't as impressive as it could be. Not only does it arrive much more expensive than the competition but AMD is competing with itself when it comes to CPUs like the Ryzen 7 7800X3D.

I expected the Ryzen 7 7800X3D to continue to stay relevant in this new era of Zen 5 CPUs. I didn't, however, expect it to be a flat-out better choice for those looking for the best gaming processor. Although the Ryzen 9 9950X can top productivity charts, AMD's last-gen gaming monster remains the performance king when you're chasing frames.
Specs

Read more
I tested AMD’s latest claims about Ryzen 9000, and they don’t hold up
The Ryzen 9 9950X between someone's fingertips.

AMD says that gaming performance on Ryzen 9000 is actually better than what you've read. As you can read in our Ryzen 9 9950X and Ryzen 9 9900X review, AMD's new Zen 5 CPUs are the best processors you can buy when it comes to productivity. Gaming performance, on the other hand, is disappointing.

According to a new blog post from AMD, there are a few reasons why reviewers saw lower gaming performance than expected. Chief among them are the fact that AMD used an unreleased version of Windows 11 -- the 24H2 update, which is available to Windows Insiders -- and that it used an administrator account for its "automated test methodology." In light of that, I downloaded the Windows update, spun up an admin account, and retested the Ryzen 9 9950X. And I'm not seeing what AMD claims at all.

Read more