AMD Issues Alert On Major Vulnerability Found in Multiple CPUs
AMD Issues Alert On Major Vulnerability Found in Multiple CPUs
Advanced Micro Devices Inc (NASDAQ:AMD) has warned about a critical vulnerability named "SinkClose," which affects multiple generations of its EPYC, Ryzen, and Threadripper processors.
Advanced Micro Devices Inc (NASDAQ:AMD)警告稱,存在一項名爲"SinkClose"的嚴重漏洞,影響其多代EPYC、Ryzen和Threadripper處理器。
What Happened? The flaw allows attackers with Kernel-level (Ring 0) privileges to escalate to Ring -2 privileges, high-level access associated with System Management Mode (SMM), where they can install virtually undetectable malware, Bleeping Computer reports.
發生了什麼?該漏洞允許具有內核級(Ring 0)特權的攻擊者升級到Ring -2權限,即系統管理模式(SMM)相關的高級別訪問權限,在此處他們可以安裝幾乎無法檢測到的惡意軟件,Bleeping Computer報道。
IOActive researchers Enrique Nissim and Krzysztof Okupski discovered that the flaw allows attackers to alter SMM settings even when security measures like SMM Lock are enabled.
IOActive的研究人員Enrique Nissim和Krzysztof Okupski發現,即使啓用了SMm Lock等安全措施,該漏洞也允許攻擊者更改SMm設置。
The researchers will present their findings at the upcoming DefCon event, shedding light on a flaw that has remained undetected for nearly two decades and impacts a broad range of AMD chip models.
研究人員將在即將到來的DefCon活動上展示他們的發現,揭示了一個在近20年中一直未被發現,影響廣泛的AMD芯片模型的漏洞。
Why Is It Important? This flaw allows malicious code to deeply embed itself within the firmware, making it nearly impossible to detect or remove.
爲什麼重要?此漏洞允許惡意代碼深度嵌入固件中,幾乎不可能檢測或刪除。
Alarmingly, the vulnerability could persist even after a complete reinstallation of the operating system.
令人擔憂的是,即使重新安裝操作系統,漏洞也可能仍然存在。
The vulnerability affects various AMD processors, including EPYC (1st to 4th generations), Ryzen Embedded series, Ryzen (3000, 5000, 4000, 7000, and 8000 series), Ryzen Mobile series, Threadripper series, and Athlon Mobile 3000 series, among others.
該漏洞影響各種AMD處理器,包括EPYC(第1到4代)、Ryzen嵌入式系列、Ryzen(3000、5000、4000、7000和8000系列)、Ryzen移動系列、Threadripper系列以及Athlon Mobile 3000系列等。
AMD has already rolled out mitigations for EPYC and Ryzen desktop and mobile CPUs, with additional fixes for embedded CPUs expected soon.
AMD已針對EPYC和Ryzen臺式機和移動CPU推出了緩解措施,預計很快還會推出用於嵌入式CPU的其他修復程序。
AMD plans to release a fix for its 5000 and 7000 series processors, but users of the 3000 series desktop processors need more time. Despite these relatively recent CPUs being released in late 2019 and 2020, the company has decided not to issue a patch for them.
AMD計劃爲其5000和7000系列處理器發佈修復程序,但是3000系列臺式機處理器的用戶需要更多時間。儘管這些相對較新的CPU是在2019年底和2020年發佈的,但該公司已決定不爲其發佈補丁。
Rosenblatt analyst Hans Mosesmann maintained a Sell rating on Intel Corp (NASDAQ:INTC) as AMD continues to gain share on EPYC4 and newer EPYC5 road maps.
Rosenblatt分析師Hans Mosesmann將英特爾公司(NASDAQ:INTC)的評級保持爲賣出,因爲AMD在EPYC4和更新的EPYC5路線圖上繼續贏得份額。
AMD stock lost 24% in the last 30 days amid a broader sector selloff. The stock is still up over 225 in the last 12 months. Investors can gain exposure to the stock through SPDR S&P 500 ETF Trust (NYSE:SPY) and iShares Core S&P 500 ETF (NYSE:IVV).
AMD股票在過去30天中下跌了24%,受到整個行業的拋售影響。但在過去12個月中,該股票上漲了超過225。投資者可以通過SPDR S&P 500 ETF Trust(NYSE:SPY)和iShares Core S&P 500 ETF(NYSE:IVV)獲得該股票的利潤。
Price Actions: AMD shares were trading higher by 2.64% at $140.36 at the last check Tuesday.
價格行動:AMD股票在上週二最後一次交易時以140.36美元的價格上漲了2.64%。
Disclaimer: This content was partially produced with the help of AI tools and was reviewed and published by Benzinga editors.
免責聲明:本內容部分使用人工智能工具生成,並經Benzinga編輯審核發佈。
Photo via Shutterstock
圖片來自shutterstock。