AMD reverses course, releases microcode update to fix Sinkclose flaw in Ryzen 3000 CPUs

Alfonso Maruccia

A dangerous potato: After researchers revealed the initial details of the Sinkclose security issue, AMD announced that a firmware update would be coming for some of its desktop, mobile, and server CPUs. However, in a surprising move, AMD has now decided to release a new microcode update for older Ryzen processors as well, though the exact reason for this decision remains unclear.

Sinkclose is a potentially serious security vulnerability discovered by IOActive analysts in AMD's x86 CPU technology. This low-level bug affects all processors released by the Santa Clara-based corporation since 2006. While AMD acknowledged IOActive's research, the company initially decided to release a microcode-based fix only for some of its most recent CPUs.

This decision sparked significant controversy, as widely used processors, some just five years old, were being left unprotected. In response to the backlash, AMD ultimately decided to address the Sinkclose vulnerability in older Ryzen CPUs as well. The company recently updated its security bulletin regarding the SMM Lock Bypass (CVE-2023-31315) issue, which is the formal designation of the security flaw informally known as Sinkclose.

On August 14, AMD updated its bulletin to provide a new "mitigation status" for Ryzen 3000 desktop processors based on the Matisse (Zen 2) microarchitecture. Although the company anticipated releasing a fix by August 20, the mitigation was actually delivered on August 19. Owners of PCs using Ryzen 3000 desktop CPUs should now look for the ComboAM4PI 1.0.0ba update, which is being distributed by OEM motherboard manufacturers through new firmware versions.

AMD describes CVE-2023-31315 as a "high" severity vulnerability that could lead to arbitrary code execution within the System Management Mode (SMM) environment, one of the most privileged operating modes in x86 CPUs. SMM technology was first introduced by Intel with the 386SL 32-bit processor as a power management feature, while AMD implemented its version of SMM in the Am386 processors released in 1991.

When the CPU is in SMM, normal code execution is suspended, and the operating system is effectively paused. A malicious actor with ring 0 access (Windows kernel-level access) could infect the PC's firmware to execute code in SMM (ring -2) during boot, AMD confirms. This scenario could effectively turn a bootkit into an invisible "ghost" within the system, making it extremely difficult – if not impossible – to remove without invasive hardware modifications.

AMD first released its third-generation Ryzen processors in November 2019, offering PC users a 15 percent increase in IPC (instructions per cycle) performance while reducing energy consumption. These CPUs retained compatibility with the AM4 socket used in previous models and introduced support for PCI Express 4.0 connectivity.

Depending on your local prices, also a 5700x3d or the rumored 5500x3d can be a nice choice.
I got a 5700x3d for 147 Euros since the 5800x3d is 300 Euros and the 7800x3d is 350 Euros.
Half the price of the 5800x3d for a performance delta of just 4-5 %, was a no-brainer for me.
I'm keeping this one for a while and also will build another PC with the 5600x I got from the upgrade.
As for the new UEFI image I'm waiting for performance analysis to see if it makes sense. I'm behind a corporate firewall at home so no attack will reach me that soon.
 
Nice! My 3900X isn't that old.

I was planning on replacing it with a 9000 series, but after the reviews, I'm torn between that, a 7000 series upgrade, or a cheap 5800X3D upgrade to hold me over until the 11000 series. Glad to have a security patch while I decide.

My gaming rig is equipped with a 2020 CPU+GPU combo (i7-10700K, GeForce RTX 3080 RTX), and I will refuse to call it "old" for at least three more years :-D

I should upgrade the GPU, though.
 
Nice! My 3900X isn't that old.

I was planning on replacing it with a 9000 series, but after the reviews, I'm torn between that, a 7000 series upgrade, or a cheap 5800X3D upgrade to hold me over until the 11000 series. Glad to have a security patch while I decide.

I was never upgrading this cycle 3700x, son 5600x. As I'm not a hardcore gamer the 5000 series 3D didn't even make sense - plus my PC is a RTX2060, son is 3080, so again no sense for me, as GPU limited

Given that AMD will probably release a performance boost profile for those who want it, and work the kinks out.
The 9000 series 3D shouldn't be too far away.
Also for serious upgraders worth seeing what the new motherboards offer, no need to fluff around with 9950x to get it to work

I'll wait Zen 6 and host of new stuff that it allows - I wonder if AMD's crack team are working on this - With the thinking the B team should be good enough for latest chips
 
Most of my homelab runs on 1800x-2800x CPUs. Maybe upgrading everything to 3000 or 5000 CPUs would be a nice winter project.
 
However, in a surprising move, AMD has now decided to release a new microcode update for older Ryzen processors as well, though the exact reason for this decision remains unclear

AMD cut prices: "the cpus are not selling"
Intel cut prices: "it's in a really competitive position"
AMD patches vulnerability: "That's another weak point in their design"
Intel patches... : "It's protecting its users"
AMD says "a": "It's a bad move from AMD".
whatever Intel: "Great things to come"
...
 
Ryzen 3000 is supported by Windows 11, and therefore not yet approaching obsolescence. It makes sense for AMD to provide support to keep its customer base happy.
 
Ryzen 3000 is supported by Windows 11, and therefore not yet approaching obsolescence. It makes sense for AMD to provide support to keep its customer base happy.
But why not fix the 2000 series too?

Quoted out of order but for good reason.

3000 is supported on Win 11 so it should have this fix. But the same goes for Ryzen 2000 - that is also supported on Win 11 and is apparently not getting the fix. That's not a great position for AMD to take.

Obviously fixing anything prior to that is arguably pointless since there's no official Win 11 support for OG Ryzen and earlier. And that's possibly the only good reason I've seen so far to justify the Win 11 support cutoff, in that it makes it easier to apply microcode fixes to fewer platforms that support an OS.

This really reminds me of the B350 support Snafu that AMD had that resulted in a u-turn after justified backlash. It's the sort of position that really makes AMD look like any other corporation and makes me question whether the goodwill assumed by consumers is actually misplaced.
 
My gaming rig is equipped with a 2020 CPU+GPU combo (i7-10700K, GeForce RTX 3080 RTX), and I will refuse to call it "old" for at least three more years :-D

I should upgrade the GPU, though.
I'm at a 3080 as well and hoping to upgrade to a 5080 if Nvidia decides to give a true generational improvement this time around. But I'm not holding my breath between Nvidia's AI goldmine and rumors of AMD skipping the high-end next year.
 
Nice! My 3900X isn't that old.

I was planning on replacing it with a 9000 series, but after the reviews, I'm torn between that, a 7000 series upgrade, or a cheap 5800X3D upgrade to hold me over until the 11000 series. Glad to have a security patch while I decide.
Hilariously, I discovered I'd already upgraded this computer to a 5800X3D and forgotten about it. 😆 My 3900X is still waiting for me to ebay it.
 