fix-sinkclose
Journeyman III

No fix for new Sinkclose exploit on 3000 series CPUs

This is both a warning and a request for AMD to provide a fix. There is a new vulnerability that has been disclosed called "Sinkclose" (article). This vulnerability is notable because: "In theory, malicious code could burrow itself so deep within the firmware that it would be almost impossible to find. As a matter of fact, the researchers say that the code would likely survive a complete reinstallation of the operating system. The best option for infected computers would be a one-way ticket to the trash heap". While the exploit is not easy, if it is exploited, the CPU becomes junk. Worse than junk, it becomes dangerous to put into a computer.

 

AMD will be issuing a fix for the 5000 and 7000 series processors, but not for the 3000 series desktop processors. Here is a link to their page of affected products and planned fixes (ctrl-f "Matisse" to find the relevant section).  The 3000 series came out less than 5 years ago, in late 2019 and 2020. That's the absolute earliest people could buy them. These CPUs are recent, powerful, and still widely used. To not issue a fix for them is extremely disappointing.

 

If you have a 3000 series processor, be aware of this, and make your desire for a fix known to AMD. If you live in Europe, your country may even have consumer protection laws that entitle you to a refund or replacement.

17 Replies
Flatfire
Journeyman III

I agree this isn't acceptable. It remains the only CPU on that list affected by the Sinkclose vulnerability that doesn't make the cut to receive an update. This list is published by AMD here: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html

 

Similar Zen 2 CPUs such as the Ryzen 4000 series are set to receive patches, indicating that this is not a platform limitation. The lack of an explanation or statement from AMD regarding the exclusion of these CPUs from their patched cousins is disappointing.

Great find by the way.

 

I can understand about fixing the flaw on all AMD Server Hardware processors like EPYC since those are used almost exclusively by companies Workstations and Servers and not by regular home users.

 

In my case I don't have an issue at all if my Ryzen 7 3700X is not fixed for the flaw since I am just a regular Home User and my PC isn't connected to any businesses directly.

 

For those who do have the Ryzen 3000 series processors on their Company PCs or Workstations most likely all they have to do is upgrade the processor to the 5000 series to secure their company related PCs. Most Motherboards that use the 3000 are compatible with the 5000 series processors. 

 

Possibly AMD could make some sort of Exchange program to replace those specific 3000 series processors to 5000 series processors for a big discount to keep their Business Customers happy.

 

If you noticed by the processors that are going to be fixed includes the Ryzen 3000 Mobile series processors and newer. Probably because most laptops can be used for both personal and business uses and would be easier to hack into a laptop than try hacking into a Server or Work Station PC.

 

Another reason why I don't have an issue if my 3700x flaw is not fixed is because the new Motherboard BIOS to fix the flaw might cause unintentional performance issues on the processors like other fixes have done in the past.

0 Likes

they will fix 4000 series that is based on zen2 too as well as the zen2 threadripper. while it's perfectly reasonable to give higher priority to more recent hardware, AMD already cut zen1 and zen1+ in collaboration with microsoft to bump new hardware sales (and no other real valid reasons, we all know that since tpm2 is not a real static linkage requirement in kernel code... in fact it can be disabled), this seems like more a prank not delivering the agesa patch for 3000 series zen2 too.

0 Likes

Upgrading to 5000 series is not ever simple, because often it has to be changed the heatsink in the process  and often the power supply unit, and to justify the change one must go to high end 5000 processors. This means, in my case for pure example:

I can change my 3700X with a 5950X, but

A) the 5950X is still outrageously expensive also in sale after years from its release 

B) since my case has a side fan the operation can't be done because simply the heatsink doesn't fit in it, so, other money for the case

C) The TDP of high end AMD processor is lower than Intel ones, but still high: if one plans to add or has a decent video card, that absorbs a decent amount of power. In my case I have an RTX3060 (170W) and I plan to upgrade to a future hypothetical RTX5070 or similar class, so the TDP of the combined new CPU (105W with a limit of 142W) + GPU would force me to buy a GOLD 850W or more possibly modular PSU, that is, again, very expensive.

 

Not mentioning that:

1) One will still have a no more upgradable AM4 computer

2) If one suddenly needs to use the PC for office/commercial use, what is supposed to do? Do it and then if the worst happens say the boss/customer to call AMD and scream at them?

I have the precise right to do with my computer every legitimate activity, personal and business/commercial, and I will continue to do so with my 3700X until I have the money to change entirely my computer, and it will not be my fault if something happens.

0 Likes
Teadrinker
Adept I

Hello

For this exploit, hacker first needs Kernel access. That means if someone already has kernel access (access to Operating System), he can basically do anything he wishes, Sinkclose existing or not! Do not fall prey to fear-mongering of clickbait corporations.

I will personally (as 7000 user) disable any mitigation offered and will not install newer BIOS to AVOID performance regressions that come with such mitigations...

I already get 10% increased performance by disabling existing mitigations in Kernel (cannot disable BIOS level mitigations though). I have decided to live with these, but to add yet another mitigation to something that needs Kernel access in the first place, no, don't think so.

 

the PC software is still full of ring-0 kernel drivers outside hardware devices... just think about crowdstrike, gaming anti-cheating softwares, other remote management and surveillance software, older devices... this is just a **bleep** move by AMD.

Teadrinker, good comment! I am curious what mitigations you disabled and how. Thanks, John.

0 Likes

I use Linux and just recently tried to test my CPU (7900X3D) performance with ALL mitigations disabled. These include Spectre 1 and 2, ZenBleed and one more whose name I forgot... these are applied on Kernel level. Though my BIOS also has some mitigations applied that I think cannot be disabled.

 

When I disabled all by using kernel parameter "mitigations = off", I measured between 8% to 10% improved gaming performance (when CPU bound though, as GPU bound scenes will hardly see much difference if any).
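
For readers who want to see what state their own Linux system is in, the audit below is an added example, not part of the original post: it reports whether `mitigations=off` is on the kernel command line and which entries the kernel marks as Vulnerable under `/sys/devices/system/cpu/vulnerabilities`. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Audit kernel-level CPU mitigations: was "mitigations=off" passed at boot,
# and which entries does the kernel itself report as Vulnerable?

# Succeeds when the given kernel command line file contains mitigations=off.
mitigations_disabled() {
    case " $(cat "${1:-/proc/cmdline}") " in
        *" mitigations=off "*) return 0 ;;
    esac
    return 1
}

# Prints "name: status" for each sysfs entry whose status starts with "Vulnerable".
vulnerable_entries() {
    for f in "${1:-/sys/devices/system/cpu/vulnerabilities}"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        case $status in
            Vulnerable*) echo "$(basename "$f"): $status" ;;
        esac
    done
}

# Builds a constructed sample (not captured from a real machine) in directory $1.
make_sample() {
    mkdir -p "$1/vulnerabilities"
    echo "BOOT_IMAGE=/vmlinuz root=/dev/sda2 ro quiet mitigations=off" > "$1/cmdline"
    echo "Vulnerable: __user pointer sanitization and usercopy barriers only" \
        > "$1/vulnerabilities/spectre_v1"
    echo "Vulnerable" > "$1/vulnerabilities/spec_store_bypass"
    echo "Not affected" > "$1/vulnerabilities/meltdown"
    echo "Mitigation: Safe RET" > "$1/vulnerabilities/spec_rstack_overflow"
}

# Full report; with empty arguments it reads the live /proc and /sys paths.
audit_mitigations() {
    if mitigations_disabled "$1"; then
        echo "boot: mitigations=off is set"
    else
        echo "boot: mitigations=off is not set"
    fi
    vulnerable_entries "$2"
}

# Run the audit on the constructed sample so the script works offline.
sample=$(mktemp -d)
make_sample "$sample"
audit_mitigations "$sample/cmdline" "$sample/vulnerabilities"
rm -rf "$sample"
```

Calling `audit_mitigations` with no arguments runs the same report against the live system.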

Bobman85
Journeyman III

Absolutely they need to fix this, these processors are still being sold and used, one should not have to buy a new CPU to fix a security issue with their product. This sounds like a scheme to get people to buy their newer processors. AMD fix this or my next CPU will be intel.

kinarky
Adept I

Ryzen 3000 mobile has a fix but not the desktop version, it's the only cpu family with "No fix planned".

So there'll be a bios update that contains a fix but not for my 3700x ?

Any explanation for this ?

It's pretty obvious why they are not offering a fix to their 3000 series desktop CPUs, because they want people, and especially businesses to buy one of their newer CPUs.  This move is absolutely unacceptable as they could easily provide a fix for these CPUs , they probably already have one. If this is the way AMD is going to treat the customers of their products, then they don't deserve any customers.

smellyamd
Newcomer

amd now is the evil one. more evil than intel. means amd is satan. even though i wont make a difference, next upgrade will be no more amd. i will endure and wait for intel to be back. you amd become cocky now.

 

*out of topic , amd suck big time first you didnt manage well the launch of first gen CPU with AI, until now some manufacturer have yet to enable the npu (why your integration with oem is below par level). we buyer have to beg and talk to oem for this to get it done. amd lies and whenever i see amd presentation for their upcoming tech, i feel disgusted at these people. profit over righteous.

0 Likes
gatrpa
Newcomer

Amen.  needs further explanation about whether it's really not an issue for 3000s or whether they are just being stingy

0 Likes
MBAD
Newcomer

No patches for cpu that is on the market? They are still completely usable. In other hand, what about refurbished pc, what about tons of electronic waste, green deals, global warming.

0 Likes
mrrizwan05
Journeyman III

As of now, there is no fix for the Sinkclose exploit affecting 3000 series CPUs. Keep an eye on official updates from CPU manufacturers for any future patches or mitigation strategies.

0 Likes
Clockmaster77
Newcomer

I have a Ryzen7 3700X from the end of 2020, and I was planning to have it for many years to come for the fact it has 16 threads and so it will benefit of future software multithread optimizations, but my little investment for the future was useless. It is really pitiful to know from AMD there will be no fix for this series of processors.

If at least AMD hasn't chosen to change so frequently the CPU sockets (AM4 socket was like a meteor how few years has been on the market) I could have thought to buy a new AMD processor, but now, since I have to change MY ENTIRE MOTHERBOARD CPU AND MEMORY, I will surely be sure to CHANGE MY CPU VENDOR TOO.

 

Up to yesterday I was a big AMD supporter, today I am very disappointed, because it seems like you only care about selling new processors and you don't care about customers.

How do you think you can justify this? Who has an old processor must change it or be subject to crucial security risks and issues? This is absolutely senseless and also not clearly legitimate in my opinion. Also because the average user scared by the news could go looking for fake unofficial patches and risk exposing himself to even greater risks. I confess that I too am tempted to search the web to see if anyone has an alternative solution for my CPU, and I have been using PCs for more than three decades. Think about it because it is not fair to customers. Otherwise avoid making CPUs in the consumer market that can easily last for years due to the amount of power and spare threads available, and avoid to change sockets every 2 years.

I have a 3600, I'll be needing an upgrade in about a year or so just to keep up with gaming, after this stunt my next CPU won't be AMD, even if it means buying a new rig. I'm also a stock holder of AMD which will probably change too.

0 Likes