AMD won't update older Ryzen and Threadripper processors to address the Sinkclose vulnerability
AMD has begun releasing updates to address the Sinkclose vulnerability discovered by researchers at IOActive. This vulnerability affects most AMD processors released since 2006.
Here's What We Know
However, according to Tom's Hardware, the Ryzen 1000, 2000 and 3000 processors as well as the Threadripper 1000 and 2000 will not receive updates as they are considered outdated and out of the software support period. Newer models and all AMD embedded processors have received or will receive the new patch.
The Sinkclose vulnerability poses a major threat to governments and large organisations as it allows attackers to run code in protected system management mode. Despite this, the risk for regular users remains minimal as deep system access is required to exploit the vulnerability. The researchers warn that if the attack is successful, the consequences could be catastrophic.
Go Deeper:
The Sinkclose vulnerability allows attackers to execute code in System Management Mode (SMM), which is typically used for critical firmware operations. To exploit the vulnerability, hackers need to gain access to the system's kernel, which requires a prior hack. They can then install malware that remains invisible to antivirus and persists even after reinstalling the operating system. The vulnerability exploits TClose, a feature designed for compatibility with legacy devices, to redirect the CPU to execute its code at the SMM level.
Source: Tom's Hardware