AMD Patches Sinkclose Vulnerability for Ryzen 3000 Series Desktop Processors

TapTechNews August 20th news, according to AMD's official website security bulletin and briefing page, the company has pushed the Sinkclose vulnerability mitigation patch for the Ryzen 3000 series desktop processor with the code name Matisse on the 19th local time.

AMD announced this high-risk vulnerability with the number CVE-2023-31315, Sinkclose, on August 9th local time.

According to the description, this vulnerability is due to incorrect verification in the MSR (special module register) of the processor, which may allow a malicious program with ring0 access rights to modify the SMM configuration when SMM (system management mode) locking is enabled, thus possibly resulting in the situation of arbitrary code execution.

AMD released the initial security bulletin on the 9th and mentioned at that time that it would provide PI (TapTechNews note: Platform Initialization) firmware updates including mitigation measures for the Ryzen 3000, EPYC first-generation and later CPUs, but did not include the Matisse processor.

However, AMD adjusted the update plan on August 14th and included the Ryzen 3000 series desktop processors in the PI update scope.