Skip to main content
  1. Home
  2. Computing
  3. News

Millions of AMD chips are being ignored in major security flaw fix

Add as a preferred source on Google
CPU pads on the AMD Ryzen 7 9700X.
Jacob Roach / Digital Trends

Hundreds of millions of AMD CPUs are facing a new vulnerability called Sinkhole. The exploit, which was first reported by Wired, impacts processors dating back to 2006, and it spans nearly all of AMD’s products. That list includes Ryzen, Threadripper, and Epyc CPUs across desktop and mobile, as well as AMD’s data center GPUs. Despite Sinkhole hitting some of AMD’s best processors, only the most recent batch of chips will receive a patch that fixes the vulnerability.

AMD isn’t patching Ryzen 1000, 2000, or 3000 processors, nor is it patching Threadripper 1000 and 2000 CPUs, reports Tom’s Hardware. The company claims that these older CPUs fall outside of its support window, despite the fact that millions are still in use. Still, even the most recent Ryzen 3000 chips were released over five years ago, and it makes sense that AMD would want to focus its support on new chips like the Ryzen 5 9600X and Ryzen 7 9700X.

Recommended Videos

Make no mistake, Sinkhole is a major security flaw. However, it’s not an exploit the vast majority of users need to worry about. Sinkhole, which was discovered by researchers at IOActive, allows attackers to run code in System Management Mode. This operating mode allows close access to the hardware, and it’s where you’ll find firmware running for power management settings, for example. Wired reports that the malware can dig down so deep that it’s easier to discard an infected computer rather than repair it.

Sounds scary, but an attacker would already need to have deeply infected your PC in order for Sinkhole to play a role. The researchers pointed to something like a bootkit as an example, which runs malicious code before the operating system loads in order to evade antivirus software. AMD says that attackers would already need access to the OS kernel in order for Sinkhole to be on the table. In other words, it would need to be a highly targeted attack on a severely compromised PC. It’s an exploit that should almost never occur on a consumer PC.

Anyone targeted by Sinkhole should get ready for trouble. The researchers say the exploit is so deep that it wouldn’t be picked up antivirus software, regardless of how sophisticated it is, and that malicious code can persist even through a reinstall of the operating system.

AMD has or is going to release a patch for its most recent chips. For consumers, that includes mobile processors dating back to AMD Athlon 3000, and for desktop, we’re talking processors dating back to Ryzen 5000. Although you shouldn’t worry much that Sinkhole will be exploited on your PC, it’s a good idea to patch your processor regardless. AMD says the update won’t come with a performance loss, and a little extra security never hurt anyone.

Jacob Roach
Former Lead Reporter, PC Hardware
Jacob Roach is the lead reporter for PC hardware at Digital Trends. In addition to covering the latest PC components, from…
How Claude helped my 65-year-old dad finally ditch his handwritten ledgers
AI has a lot to answer for, but this one small win is hard to argue with, at least for me.
Claude app on iPhone

My dad has owned a small business for as long as I can remember, and for just as long, he's kept his books the old-fashioned way. Every sale gets written down by hand so he can file his taxes later. The problem is that his accountant needs this data in Excel, and my dad, who didn’t grow up around computers, has never learned how to use it.

For years, his workaround was paying someone to manually type his handwritten entries into a spreadsheet. It worked, but it was adding additional cost to his business, which he wanted to avoid, but couldn't.

Read more
AI’s energy tax was already concerning. Research says AI agents are over hundred times worse
AI agents could consume 136 times more energy than today's AI, study finds
AI agents

The AI industry's soaring electricity demand has already become a growing concern for governments, utilities, and technology companies. But a new study suggests the next generation of artificial intelligence could make that problem significantly worse.

Researchers from the Korea Advanced Institute of Science and Technology (KAIST) have published what they describe as the first comprehensive analysis of the energy cost of AI agents - AI systems capable of reasoning, planning, and completing tasks autonomously. Their findings show that these systems can consume up to 136.5 times as much energy per query as conventional generative AI models, raising fresh questions about whether the infrastructure supporting tomorrow's AI is ready for what's coming.

Read more
I hope Apple keeps the MacBook Neo away from the AI hype and preserves its true identity
The cheapest MacBook beats the cheapest AI MacBook.
Computer, Electronics, Laptop

If there's one thing that has disrupted consumer tech economics over the last year while changing how we understand and recommend products, it's the ever-rising cost of memory and chips. 

The desperate need to scale up AI infrastructure has pushed major manufacturers to prioritize enterprise demand, leaving everyday consumers with far fewer choices. Those available cost significantly more than they did a year ago.

Read more