Skip to main content
  1. Home
  2. Computing
  3. News

Millions of AMD chips are being ignored in major security flaw fix

By
CPU pads on the AMD Ryzen 7 9700X.
Jacob Roach / Digital Trends

Hundreds of millions of AMD CPUs are facing a new vulnerability called Sinkhole. The exploit, which was first reported by Wired, impacts processors dating back to 2006, and it spans nearly all of AMD’s products. That list includes Ryzen, Threadripper, and Epyc CPUs across desktop and mobile, as well as AMD’s data center GPUs. Despite Sinkhole hitting some of AMD’s best processors, only the most recent batch of chips will receive a patch that fixes the vulnerability.

AMD isn’t patching Ryzen 1000, 2000, or 3000 processors, nor is it patching Threadripper 1000 and 2000 CPUs, reports Tom’s Hardware. The company claims that these older CPUs fall outside of its support window, despite the fact that millions are still in use. Still, even the most recent Ryzen 3000 chips were released over five years ago, and it makes sense that AMD would want to focus its support on new chips like the Ryzen 5 9600X and Ryzen 7 9700X.

Recommended Videos

Make no mistake, Sinkhole is a major security flaw. However, it’s not an exploit the vast majority of users need to worry about. Sinkhole, which was discovered by researchers at IOActive, allows attackers to run code in System Management Mode. This operating mode allows close access to the hardware, and it’s where you’ll find firmware running for power management settings, for example. Wired reports that the malware can dig down so deep that it’s easier to discard an infected computer rather than repair it.

Related: 
Best new movies to stream on Netflix, Hulu, Prime Video, Max (HBO), and more

Sounds scary, but an attacker would already need to have deeply infected your PC in order for Sinkhole to play a role. The researchers pointed to something like a bootkit as an example, which runs malicious code before the operating system loads in order to evade antivirus software. AMD says that attackers would already need access to the OS kernel in order for Sinkhole to be on the table. In other words, it would need to be a highly targeted attack on a severely compromised PC. It’s an exploit that should almost never occur on a consumer PC.

Anyone targeted by Sinkhole should get ready for trouble. The researchers say the exploit is so deep that it wouldn’t be picked up antivirus software, regardless of how sophisticated it is, and that malicious code can persist even through a reinstall of the operating system.

AMD has or is going to release a patch for its most recent chips. For consumers, that includes mobile processors dating back to AMD Athlon 3000, and for desktop, we’re talking processors dating back to Ryzen 5000. Although you shouldn’t worry much that Sinkhole will be exploited on your PC, it’s a good idea to patch your processor regardless. AMD says the update won’t come with a performance loss, and a little extra security never hurt anyone.

Jacob Roach
Jacob Roach
Former Lead Reporter, PC Hardware
Jacob Roach is the lead reporter for PC hardware at Digital Trends. In addition to covering the latest PC components, from…
Topics

Editors’ Recommendations

AMD is conceding to Nvidia with the RX 9070 XT and FSR 4
AMD announcing FSR 4 during CES 2025.

AMD revealed its long-awaited RDNA 4 architecture at CES 2025, but it arrived with more of a thud and less of a bang. Although the new RX 9070 XT and RX 9070 could make the list of the best graphics cards, it's hard to say if they will right now, despite the fact that the cards are expected to arrive in the first few months of this year.

In its action-packed CES keynote, the new RDNA 4 range was a passing note instead of the main event. Although details about the new RDNA 4 architecture are light, AMD says it updated just about every aspect of its GPU design. That includes better ray tracing performance with third-gen RT accelerators, broader media encoding support with a second-gen AMD Radiance Display engine, and critically, AI grunt with second-gen AI accelerators.

Read more
AMD’s new Ryzen Z2 chip promises ‘console-class’ performance for handhelds
Steam Deck and ROG Ally sitting together on a table.

As AMD confirmed to Digital Trends last year, the new range of Ryzen Z2 chips is here to kick off 2025. Announced during AMD's CES 2025 keynote, there are three models that make up the Ryzen Z2 range, which AMD says is designed to meet the "explosive demand" for handheld gaming PCs. Although we don't have any specific devices featuring the Ryzen Z2 range yet, AMD says "you'll see [the Ryzen Z2] coming to market from a number of partners -- the Legion Go, the ROG Ally, the Steam Deck."

You can see how the range breaks down below. Similar to AMD's first generation of handheld APUs, we're getting both a base Ryzen Z2 and an Extreme variant. Both come with eight cores and 16 threads, but the Z2 Extreme boasts 16 graphics cores compared to 12 on the base Ryzen Z2. The Ryzen Z2 Extreme can also climb a bit higher, up to 35 watts. Compared to the Ryzen Z1 range, both of these chips also come with a boost to 24MB of cache, compared to 16MB on the Ryzen Z1 Extreme.

Read more
AMD brings back 3D V-Cache chips for gaming laptops
The AMD Fire Range laptop CPU announced at CES 2025.

AMD just announced over a dozen new laptop CPUs, which will appear in over 150 new laptops being announced at CES 2025 and later this year, including a new 3D V-Cache chip for gaming laptops and some really impressive graphics in its new Ryzen AI Max+ halo chips.

Let's start with Fire Range. These chips are for high-end gaming laptops, a successor to Dragon Range line, catering to enthusiast gamers and, so far, only enthusiasts are going to be happy, as those laptops likely be quite expensive. On the other hand, the CPUs sound mighty powerful. The lineup includes, first and foremost, the next big 3D V-Cache chip, dubbed the Ryzen 9 9955HX3D.

Read more