New AMD SinkClose flaw helps install nearly undetectable malware

Tracked as CVE-2023-31315 and rated of high severity (CVSS score: 7.5), the flaw was discovered by IOActive Enrique Nissim and Krzysztof Okupski, who named privilege elevation attack 'Sinkclose.'

The researchers report that Sinkclose has passed undetected for almost 20 years, impacting a broad range of AMD chip models.

Okupski told Wired that the only way to detect and remove malware installed using SinkClose would be to physically connect to the CPUs using a tool called a SPI Flash programmer and scan the memory for malware.

According to AMD's advisory, the following models are affected:
EPYC 1st, 2nd, 3rd, and 4th generations
EPYC Embedded 3000, 7002, 7003, and 9003, R1000, R2000, 5000, and 7000
Ryzen Embedded V1000, V2000, and V3000
Ryzen 3000, 5000, 4000, 7000, and 8000 series
Ryzen 3000 Mobile, 5000 Mobile, 4000 Mobile, and 7000 Mobile series
Ryzen Threadripper 3000 and 7000 series
AMD Threadripper PRO (Castle Peak WS SP3, Chagall WS)
AMD Athlon 3000 series Mobile (Dali, Pollock)
AMD Instinct MI300A