Earlier, we reported on a new major security flaw that was discovered to be affecting millions of AMD processors, including the popular Ryzen desktop CPU range. The vulnerability gives unwanted users access to and the ability to run malicious code virtually undetected. On the plus side, this 'Sinkclose' vulnerability, as it's called, requires access to the system kernel, so it is rather sophisticated and technical to execute.
Another plus is that AMD has been quick to respond since Wired made the widespread news of the vulnerability public. AMD's security bulletin lists the vulnerabilities and outlines the complete list of AMD EPYC and Ryzen processors that will be given firmware updates.
However, it looks like AMD isn't going to be fixing the exploit for all of its affected CPUs. In a statement provided to Tom's Hardware, which noticed the absence of older Ryzen CPUs from the early days of Zen, the company says that these CPUs exist "outside our software support window." In that they're too old to continue supporting, even after a major security flaw was discovered.
This means AMD customers with Ryzen 1000, Ryzen 2000, and Ryzen 3000 Series CPUs will remain vulnerable, as will AMD customers with Threadripper 1000 and Threadripper 2000 Series CPUs. AMD's latest Ryzen 9000 Series and Ryzen AI 300 Series aren't listed on the AMD Security Bulletin as chips that will receive or have received a security update. This could mean AMD's latest chips aren't vulnerable.
This vulnerability is serious because it essentially exists as part of the CPU, so even if you wipe or replace your main drive, "it's still going to be there." Check out our full story on the Sinkclose vulnerability for more.