Older AMD Ryzen and Threadripper CPUs Won't Receive Fix for Critical Sinkclose Vulnerability
A critical vulnerability affecting AMD processors manufactured since 2006 has raised concerns for millions of users. The vulnerability, known as Sinkclose, could allow hackers to gain control of a system through its System Management Mode (SMM).
Sinkclose exploits the UEFI bootloader – an alternative to BIOS – making malicious software nearly impossible to detect or remove. Access to SMM grants unrestricted access to all system memory, making this vulnerability particularly dangerous.
While AMD has addressed the issue by releasing security updates for some processors, older models have been left behind. Ryzen 1000, 2000, and 3000 series CPUs, as well as Threadripper 1000 and 2000 models, will not receive a patch due to the expiration of their software support lifecycle. Newer Ryzen 9000 and Ryzen AI 300 series processors are not mentioned, suggesting the vulnerability may have been addressed during manufacturing. A full list of affected processors is available here.
All EPYC and MI300A processors used in data centers have received updates, along with newer Threadripper and Ryzen models. Owners of unsupported chips are advised to rely on traditional security measures, such as updating their BIOS, installing antivirus software, and practicing safe browsing habits.