AMD has begun releasing updates to patch some — but not all — chips affected by the recently discovered “Sinkclose” security flaw. The vulnerability spotted by researchers at IOActive was revealed in a report from Wired last week, and is said to affect most AMD processors going back to 2006. While AMD’s security team has been working to get some of these systems patched, Tom’s Hardware reports that the Ryzen 1000, 2000 and 3000 series along with the Threadripper 1000 and 2000 won’t get any such updates.
The company told Tom’s Hardware that these are among “older products that are outside our software support window.” Newer models and all of AMD’s embedded processors have reportedly already received or will be receiving the patch. The Sinkclose flaw is considered to be more of a risk for governments or other large entities than for the average user, and even then, taking advantage of it would require deep access to a particular system. But the researchers who found it warned that it could be disastrous if exploited, letting hackers run code in the chips’ normally protected System Management Mode.
Read the original article here