AMD Issues Alert On Major Vulnerability Found in Multiple CPUs
AMD Issues Alert On Major Vulnerability Found in Multiple CPUs
Advanced Micro Devices Inc (NASDAQ:AMD) has warned about a critical vulnerability named "SinkClose," which affects multiple generations of its EPYC, Ryzen, and Threadripper processors.
Advanced Micro Devices Inc (NASDAQ:AMD)警告称,存在一项名为"SinkClose"的严重漏洞,影响其多代EPYC、Ryzen和Threadripper处理器。
What Happened? The flaw allows attackers with Kernel-level (Ring 0) privileges to escalate to Ring -2 privileges, high-level access associated with System Management Mode (SMM), where they can install virtually undetectable malware, Bleeping Computer reports.
发生了什么?该漏洞允许具有内核级(Ring 0)特权的攻击者升级到Ring -2权限,即系统管理模式(SMM)相关的高级别访问权限,在此处他们可以安装几乎无法检测到的恶意软件,Bleeping Computer报道。
IOActive researchers Enrique Nissim and Krzysztof Okupski discovered that the flaw allows attackers to alter SMM settings even when security measures like SMM Lock are enabled.
IOActive的研究人员Enrique Nissim和Krzysztof Okupski发现,即使启用了SMm Lock等安全措施,该漏洞也允许攻击者更改SMm设置。
The researchers will present their findings at the upcoming DefCon event, shedding light on a flaw that has remained undetected for nearly two decades and impacts a broad range of AMD chip models.
研究人员将在即将到来的DefCon活动上展示他们的发现,揭示了一个在近20年中一直未被发现,影响广泛的AMD芯片模型的漏洞。
Why Is It Important? This flaw allows malicious code to deeply embed itself within the firmware, making it nearly impossible to detect or remove.
为什么重要?此漏洞允许恶意代码深度嵌入固件中,几乎不可能检测或删除。
Alarmingly, the vulnerability could persist even after a complete reinstallation of the operating system.
令人担忧的是,即使重新安装操作系统,漏洞也可能仍然存在。
The vulnerability affects various AMD processors, including EPYC (1st to 4th generations), Ryzen Embedded series, Ryzen (3000, 5000, 4000, 7000, and 8000 series), Ryzen Mobile series, Threadripper series, and Athlon Mobile 3000 series, among others.
该漏洞影响各种AMD处理器,包括EPYC(第1到4代)、Ryzen嵌入式系列、Ryzen(3000、5000、4000、7000和8000系列)、Ryzen移动系列、Threadripper系列以及Athlon Mobile 3000系列等。
AMD has already rolled out mitigations for EPYC and Ryzen desktop and mobile CPUs, with additional fixes for embedded CPUs expected soon.
AMD已针对EPYC和Ryzen台式机和移动CPU推出了缓解措施,预计很快还会推出用于嵌入式CPU的其他修复程序。
AMD plans to release a fix for its 5000 and 7000 series processors, but users of the 3000 series desktop processors need more time. Despite these relatively recent CPUs being released in late 2019 and 2020, the company has decided not to issue a patch for them.
AMD计划为其5000和7000系列处理器发布修复程序,但是3000系列台式机处理器的用户需要更多时间。尽管这些相对较新的CPU是在2019年底和2020年发布的,但该公司已决定不为其发布补丁。
Rosenblatt analyst Hans Mosesmann maintained a Sell rating on Intel Corp (NASDAQ:INTC) as AMD continues to gain share on EPYC4 and newer EPYC5 road maps.
Rosenblatt分析师Hans Mosesmann将英特尔公司(NASDAQ:INTC)的评级保持为卖出,因为AMD在EPYC4和更新的EPYC5路线图上继续赢得份额。
AMD stock lost 24% in the last 30 days amid a broader sector selloff. The stock is still up over 225 in the last 12 months. Investors can gain exposure to the stock through SPDR S&P 500 ETF Trust (NYSE:SPY) and iShares Core S&P 500 ETF (NYSE:IVV).
AMD股票在过去30天中下跌了24%,受到整个行业的抛售影响。但在过去12个月中,该股票上涨了超过225。投资者可以通过SPDR S&P 500 ETF Trust(NYSE:SPY)和iShares Core S&P 500 ETF(NYSE:IVV)获得该股票的利润。
Price Actions: AMD shares were trading higher by 2.64% at $140.36 at the last check Tuesday.
价格行动:AMD股票在上周二最后一次交易时以140.36美元的价格上涨了2.64%。
Disclaimer: This content was partially produced with the help of AI tools and was reviewed and published by Benzinga editors.
免责声明:本内容部分使用人工智能工具生成,并经Benzinga编辑审核发布。
Photo via Shutterstock
图片来自shutterstock。