AMD has stated that it will not patch the Sinkclose vulnerability on old Ryzen chips. This leaves millions of machines open for attack simply because they are out of the software support window.
Contacted by Tom’s Hardware regarding the Sinkclose flaw which hits processors dating back to 2006, AMD confirmed that it will not support chips that are older than Ryzen 3000. This includes Ryzen 1000, 2000, and 3000 Series, potentially in addition to Threadripper 1000 and 2000 models.
That said, if you own a recent chip, the brand has already released a patch to plug the hole. These include Ryzen, EPYC, and M1300A solutions. Thankfully, Team Red doesn’t expect any negative performance impact from this fix. However, this is not always the case, as Spectre and Meltdown patches noticeably reduced performance, prompting many users to uninstall said patches.
This vulnerability allows bad actors to tamper with machine code while remaining invisible to the OS (operating system). Once in place, the attack code loads first when the machine is turned on, allowing modification of the OS boot-up. Worse yet, this means that an attacker can bury malware deep inside the computer’s memory, surviving even OS reinstallation. The good news is that taking advantage of it requires access to the computer’s kernel.
While it’s understandable that a brand can’t support a product indefinitely, Ryzen 1000 isn’t even that old. It’s easy to say that it’s time to upgrade after seven years, but these CPUs are still plenty fast for work, media, and general internet browsing. Ryzen 3000, on the other hand, might be the most-sold generation of all these unpatched series. Here’s hoping the chipmaker stretches its fix at least that far.
Thankfully, the Sinkclose flaw has little impact on individual users as it requires a complex attack. This explains why AMD didn’t bother patching older chips, as enterprises which are the target of such attacks are likely to have already upgraded their systems. With that in mind, make sure to update your Ryzen 5000 or 7000 CPU, especially as performance remains the same.