Gigabyte published anadvisorystating it will release the new BIOS with the latest AGESA containing the ‘Sinkclose’ vulnerability patch for many of its AMD motherboards in succession by the end of August. The flaw exclusively affected the entire line of AMD processors released since 2006, requiring a wide range of CPUs to be updated with a new firmware containing the required AGESA microcode.
Considering the potential of this flaw and the release of the much-needed AGESA patches, it’s a norm for other motherboard makers to release the patched BIOS quickly once the AGESA patch is out. It’s safe to speculate since hackers did not exploit this for 18 years, it’s unlikely users would need to be concerned until they receive the BIOS for their AMD motherboards. That said, end users must update the respective motherboard BIOS once it is released. Since many motherboard makers like Gigabyte have included tools to flash BIOS quickly, it will not be difficult for most.
Only three days ago, AMD decided topatch the Sinkclose vulnerabilityon its Ryzen 3000 series desktop processors, coming close to patching all the CPUs released since 2006. The company did assure at an earlier date that there is no impact expected once the new AGESA-included BIOS is installed on respective motherboards. The following chipsets are the ones that will be patched, along with their BIOS AGESA versions:
As a quick recap, theSinkclose vulnerabilityallows the hacker to gain access to the AMD processor’s System Management mode, allowing them to exploit the system’s kernel provided the system is already affected by another attack. Though this is difficult, due to the wide range of AMD processors sold since 2006, this puts many users at potential risk.
Researchers have detected many such risks earlier, who then responsibly warn the public and inform the company with the necessary details. Some mitigations have performance loss to a certain extent after the patch. Manysecurityresearchers have done this for all chipmakers over the years, which has helped countless users. Naturally, the solution would need to come from the chipmaker, who then ships it to a partnered motherboard maker.
Since they’re not on the BIOS deployment plan, we’ve contacted AMD to clarify whether the latestRyzen 9000andRyzen AI 300processors were patched before their release. However, the chipmaker hasn’t responded to our inquiry.
Get Tom’s Hardware’s best news and in-depth reviews, straight to your inbox.
Roshan Ashraf Shaikh has been in the Indian PC hardware community since the early 2000s and has been building PCs, contributing to many Indian tech forums, & blogs. He operated Hardware BBQ for 11 years and wrote news for eTeknix & TweakTown before joining Tom’s Hardware team. Besides tech, he is interested in fighting games, movies, anime, and mechanical watches.
