Gigabyte published an advisory stating it will release the new BIOS with the latest AGESA containing the 'Sinkclose' vulnerability patch for many of its AMD motherboards in succession by the end of August. The flaw exclusively affected the entire line of AMD processors released since 2006, requiring a wide range of CPUs to be updated with a new firmware containing the required AGESA microcode.
Considering the potential of this flaw and the release of the much-needed AGESA patches, it's a norm for other motherboard makers to release the patched BIOS quickly once the AGESA patch is out. It's safe to speculate since hackers did not exploit this for 18 years, it's unlikely users would need to be concerned until they receive the BIOS for their AMD motherboards. That said, end users must update the respective motherboard BIOS once it is released. Since many motherboard makers like Gigabyte have included tools to flash BIOS quickly, it will not be difficult for most.
Only three days ago, AMD decided to patch the Sinkclose vulnerability on its Ryzen 3000 series desktop processors, coming close to patching all the CPUs released since 2006. The company did assure at an earlier date that there is no impact expected once the new AGESA-included BIOS is installed on respective motherboards. The following chipsets are the ones that will be patched, along with their BIOS AGESA versions:
As a quick recap, the Sinkclose vulnerability allows the hacker to gain access to the AMD processor's System Management mode, allowing them to exploit the system's kernel provided the system is already affected by another attack. Though this is difficult, due to the wide range of AMD processors sold since 2006, this puts many users at potential risk.
Researchers have detected many such risks earlier, who then responsibly warn the public and inform the company with the necessary details. Some mitigations have performance loss to a certain extent after the patch. Many security researchers have done this for all chipmakers over the years, which has helped countless users. Naturally, the solution would need to come from the chipmaker, who then ships it to a partnered motherboard maker.
Since they're not on the BIOS deployment plan, we've contacted AMD to clarify whether the latest Ryzen 9000 and Ryzen AI 300 processors were patched before their release. However, the chipmaker hasn't responded to our inquiry.
