To be fair though, hackers have not discovered the flaw for decades and requires them to get their paws on the chip to do any severe damage.
AMD Product Security has released updates for several processor families to address this issue, but not all models will receive coverage, probably because it is not worth it or older products fall outside their software support window.
AMD has no plans to update its Ryzen 1000, 2000, and 3000 series processors, or its Threadripper 1000 and 2000 models.
Most of AMD’s recent processors have already received mitigation options to address the issue. This includes all generations of AMD’s EPYC processors for data centres, the latest Threadripper models, and Ryzen processors.
Additionally, the MI300A data centre chips are also receiving the security patch. AMD assures users that there will be no expected performance impact due to the update. The company is likely to conduct performance tests to assess the patch’s impact on overall system performance fully.
The Sinkclose vulnerability impacts most of AMD’s processors released since 2006. However, some older models are not covered by the security patch. Notably, this includes Ryzen 3000 and older processors and Threadripper 2000 and older chips. The latest Ryzen 9000 and Ryzen AI 300 series processors may already have addressed this vulnerability during manufacturing.
To exploit Sinkclose, attackers need access to the system kernel. Essentially, the system must already be compromised by another attack. State-sponsored hackers typically use this sophisticated vector, so casual users need not panic.
Ryzen Embedded and EPYC Embedded systems will receive updates. These embedded machines often run continuously in the background, making them potential attack vectors if not correctly updated.
Even if your computer doesn’t harbour state secrets, consider updating your chips when AMD releases patches.