AMD has released firmware updates to address a nearly two-decade-old silicon-level vulnerability in its EPYC datacenter processors and its line of Ryzen processors for PCs and embedded systems.

The flaw affects a component in the processor used to protect System Management Mode (SMM), an execution mode so protected in the processor that it is even more privileged than the kernel-level mode. Researchers at IOActive who discovered the privilege escalation vulnerability described it as an “unpatchable” issue that, if exploited, would allow an attacker to implant malware on a system that would be largely immune to removal attempts.

There are currently hundreds of millions of devices worldwide with AMD chips that contain this vulnerability.

The SinkClose Flaw

The vulnerability “SinkClose”, as IOActive researchers call it, is somewhat similar to “Memory sinkholean SMM bypass vulnerability in Intel Sandy Bridge and earlier processors that security researcher Christopher Domas disclosed in a 2015 Black Hat presentation. Domas has also other hardware level vulnerabilities in Intel chips.

“The vulnerability is nearly impossible to patch in computers that are not properly configured — which is the case for most systems,” IOActive said in a statement. “In properly configured systems, the vulnerability can lead to malware infections — known as bootkits — that are nearly impossible to detect.”

AMD itself has described the vulnerability as an issue that allows attackers who already have ring0 or kernel-level access to an affected system a way to potentially modify the SMM, even if SMM Lock, a feature designed to prevent unauthorized SMM modifications, is enabled. “Improper validation in a model-specific register (MSR) could allow a malicious application with ring0 access to modify the SMM configuration while SMM Lock is enabled, potentially leading to arbitrary code execution,” the chip seller said.

SMM is a mode on AMD chips for low-level system management features. It executes code only from a separate block of memory called system management random access memory, or SMRAM. AMD chips implement a memory controller called TSeg to protect access to SMRAM.

SMM bypass attack

However, IOActive researchers Enrique Nissim and Krzysztof Okupski found a way to bypass this protection and essentially let SMM execute code of their choosing from outside of SMRAM. They did this by leveraging a feature called TClose that AMD had included in its chips for backwards compatibility with a deprecated memory management function. Dumas’ SinkHole flaw involved a similar deprecated function in Intel chips.

Nissim and Okupski determined that an attacker could use the SinkClose flaw to insert malware deeply enough—and persistently enough—into a system to make it invisible to the operating system, hypervisor, and any endpoint detection mechanisms. In a talk at the DEF CON hacker conference on August 10, the researchers described the vulnerability as something that a remote attacker could exploit. However, an adversary would need a deep understanding of AMD chip architecture—something only a nation state would likely possess—to exploit it.

AMD itself has claimed in background context that an attacker with the necessary access level to exploit the SinkClose vulnerability would already have the ability to read, modify, erase, and spy on everything on the computer. In addition, someone with access at the kernel level of the operating system could also disable security mechanisms and prevent a computer from booting.

“This is similar to having the knowledge to break into a bank vault,” AMD noted in an email to Dark Reading. “In the real world, a burglar would have to get past the alarms, the guards, the vault door, and the locks themselves to get into the vault, which is clearly not an easy task.”

An attacker with the skills and knowledge to execute an SMM bypass attack could install malware of the kind that IOActive has warned about. But it wouldn’t be the first time that attackers have deployed such malware, AMD said in background information, citing the Lojax firmware-level rootkit from 2018. “While this malware is stealthy, it is not invisible or impossible to fix.”

“AMD has released mitigation options for its AMD EPYC datacenter products and AMD Ryzen PC products,” the chipmaker said. “A full list of affected products and mitigation options is available in our product security bulletin.”