Some AMD processors dating back to 2006 have a security vulnerability that's a boon for particularly sneaky malware and rogue insiders, even if the chip designer only patches models made since 2020.
Many AMD processors were affected by SinkClose security vulnerability
The bug was discovered by the folks at infosec services outfit IOActive and tracked as CVE-2023-31315 aka SinkClose. It is rated 7.5 out of 10 on CVSS severity, making it important rather than critical.
For processors that receive a fix, this will be delivered in the form of a firmware update via the BIOS manufacturer, or a hotloadable microcode update.
The flaw allows malware and rogue privileged users with access to the operating system's kernel to run code in System Management Mode (SMM), a highly privileged execution environment found in x86 processors from Intel and AMD. SinkClose is unique to AMD.
