Sinkclose

Sinkclose is a security vulnerability in certain AMD microprocessors dating back to 2006 that was made public by IOActive security researchers on August 9, 2024.^[1] IOActive researchers Enrique Nissim and Krzysztof Okupski presented their findings at the 2024 DEF CON security conference in Las Vegas^[2] in a talk titled "AMD Sinkclose: Universal Ring-2 Privilege Escalation".

Sinkclose

CVE identifier(s)	CVE-2023-31315
CVSS score	Base 7.1 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Date discovered	Publicly disclosed August 9, 2024; 11 months ago (2024-08-09)
Affected hardware	AMD processors since 2006

AMD said it would patch all affected Zen-based Ryzen, Epyc and Threadripper processors but initially omitted Ryzen 3000 desktop processors. AMD followed up and said the patch would be available for them as well.^[3] AMD said the patches would be released on August 20, 2024.

Mechanism

Sinkclose affects the System Management Mode (SMM) of AMD processors. It can only be exploited by first compromising the operating system kernel.^[1][2] Once the exploit is effected, it is possible to avoid detection by antivirus software and even compromise a system after the operating system has been re-installed.