AMD CPU Security: Identifying and Fixing Sinkclose Risks

Learn which AMD processors are affected by the Sinkclose flaw and how to apply BIOS updates to protect your system from persistent security threats.

---

AMD Security Vulnerabilities: How Unpatched Flaws May Affect Your PC

AMD Security Vulnerabilities: How Unpatched Flaws May Affect Your PC

Recent security disclosures have identified high-severity vulnerabilities affecting nearly all AMD processors manufactured over the last two decades ^{[2][8][10][12]}. This article assists in identifying if your specific hardware is at risk and provides guidance on mitigation strategies for both supported and legacy systems ^[4][5][13].

Hook & Who This Is For

Understanding the "Sinkclose" Vulnerability and Its Impact on Legacy Ryzen and EPYC Processors

Imagine discovering that the processor powering your workstation or server contains a critical architectural flaw that has remained hidden for nearly two decades ^[5][8]. For millions of users, this scenario became a reality with the disclosure of the Sinkclose vulnerability, which potentially impacts almost every AMD chip released since 2006 ^[6][15]. The situation is further complicated by official decisions to potentially leave certain hardware generations without a security fix ^[4][11].

This article is for users of AMD Ryzen and AMD EPYC processors who need to evaluate their system's safety and determine if they are eligible for security updates ^[1][2]. It is particularly relevant for IT administrators managing server environments and individual power users who rely on legacy hardware that may no longer be supported ^[7][14].

The following sections cover:

• The technical scope of the Sinkclose vulnerability and how it targets the AMD Secure Processor (ASP) and SEV-SNP (Secure Nested Paging) ^[3][8].
• Official severity ratings for vulnerabilities such as AMD-SB-4004 and AMD-SB-3003, which are currently classified as High ^[9][14].
• A breakdown of which processor families, specifically the Ryzen 1000, 2000, and 3000 series, are reportedly excluded from official mitigation plans ^[4][7].
• The impact on platform components including System Management Mode (SMM) and IOMMU ^[10].

This guide focuses on the current hardware support landscape and the risks associated with unpatched legacy systems. It does not provide legal advice regarding manufacturer warranties or consumer rights.

TL;DR / What This Means for You

Learn how the high-severity Sinkclose flaw impacts nearly two decades of AMD hardware and why some legacy processors will not receive security patches.

---

The Sinkclose vulnerability represents a significant security challenge for users of AMD-based systems. This flaw allows malicious code to hide deep within a computer's firmware, making it potentially impossible to remove through traditional methods like reformatting a drive.

This report covers the technical impact of the Sinkclose vulnerability, identifies which hardware generations are affected, and clarifies which systems will—and will not—receive official security updates.

---

Key Sources (Quick Links)

• Supermicro — AMD Security Vulnerabilities, August 2024 ^[1]
• SUSE — SUSE-SU-2026:20228-1: important: Security update for the Linux Kernel ^[3]
• AMD — AMD Graphics Vulnerabilities – August 2025 (AMD-SB-6018) ^[4]

TL;DR / What This Means for You

For users seeking a quick overview of the situation, the following points summarize the current state of the Sinkclose vulnerability:

• Deep System Persistence: The vulnerability, technically known as Sinkclose, allows an attacker to bypass Secure Boot and survive entire operating system reinstalls ^[7][8].
• Widespread Impact: The flaw affects nearly all AMD processors produced since 2006, spanning almost 20 years of hardware releases ^[8][15].
• High Severity: Official advisories classify the severity of these vulnerabilities as High ^[2][11].
• The Patch Gap: While AMD has released mitigations for EPYC and newer Ryzen product lines, the company will not provide patches for Ryzen 1000, 2000, and 3000G series processors ^[9][10][12].
• Action Required: To mitigate the risk, users must install BIOS updates containing the latest AMD AGESA PI packages ^[1].
• Hardware Limitations: For owners of legacy hardware that AMD refuses to fix, the risk may only be fully mitigated by upgrading to a newer processor generation ^[14][15].

---

Summary of Patch Status by Product Line

Processor Series	Patch Status	Required Action
AMD EPYC (1st - 5th Gen)	Supported [14]	Update to BIOS version 3.3 or higher (model dependent) [6]
Ryzen 3000 (Standard Desktop)	Supported [4]	Check motherboard manufacturer for latest AGESA update [1]
Ryzen 4000 / 5000 / 7000	Supported [4]	Install latest available BIOS update [1]
Ryzen 1000 / 2000 / 3000G	Not Supported [9][10]	Consider hardware upgrade to a supported generation [14]

---

If you are unsure whether your specific system is protected, it is generally safer to verify your current BIOS version against the manufacturer's support page than to assume your system is secure. One idea to keep in mind: it is usually cheaper to ask a professional once than to fix a compromised system later.

Background: CPU Vulnerabilities and SMM

The System Management Mode (SMM) is a highly privileged execution environment within x86-based processors that operates independently of the standard operating system ^[2][11][108]. Often referred to as Ring -2, it sits at a layer deeper than the kernel (Ring 0) and the hypervisor (Ring -1) ^{[11][14][143]}. Because SMM has extensive control over low-level hardware functions, it is a critical component for system stability and security ^[2][11][110].

Vulnerabilities targeting this layer are classified with a High severity rating ^[1][2]. Recent security advisories indicate that several platform components are affected, including the SMM, the AMD Secure Processor (ASP), and SEV-SNP (Secure Nested Paging) ^[1][2]. Exploiting these flaws allows for code execution at the SMM level, which can lead to unauthorized privilege escalation deep within the hardware ^{[11][14][110]}.

---

The Path of Exploitation

Accessing Ring -2 is not a direct process. To exploit the Sinkclose vulnerability or similar flaws, an attacker must typically already possess kernel-level (Ring 0) access to the system ^[15]. This prerequisite acts as a significant barrier to entry, as the system must generally be compromised at the operating system level before an attacker can target the SMM ^[15].

Once an attacker has obtained Ring 0 access, the vulnerability enables them to escalate privileges further into Ring -2 ^[11]. This allows malicious code to execute within the System Management Mode, where it can potentially bypass standard security measures and maintain a persistent presence that is difficult to detect using traditional software tools ^{[14][143][110]}.

---

Mitigation through Firmware Updates

Defending against hardware-level vulnerabilities requires updates to the system firmware rather than just patches to the operating system ^[2]. These mitigations are typically delivered through updated AMD AGESA PI packages, which are integrated into BIOS updates by motherboard manufacturers ^[2][4].

According to security advisories from August 2024 and August 2025, specific BIOS versions are required to mitigate these risks on server hardware ^[1][2].

Hardware Series	Required BIOS Version
H11/H12 EPYC 7001/7002/7003	3.3 [2]
H12 Rome/Milan	2.8 [1]

Updating the BIOS to these specific versions ensures that the vulnerabilities affecting the SMM and ASP are addressed ^[1][2]. It is generally recommended to monitor manufacturer support pages for the latest AGESA microcode updates to maintain platform security ^[2][4].

Problem Explanation: Sinkclose and Insecure Auto-Updates

The primary security concern involves a critical vulnerability officially tracked as CVE-2023-31315, commonly known as Sinkclose ^[1][2][9]. This flaw is considered highly significant because it potentially affects nearly every AMD processor released since 2006 ^[3][8]. This extensive scope covers hundreds of millions of chips produced over approximately two decades ^[6][7].

The vulnerability is classified with a High severity rating ^[11]. It targets deep architectural components of the platform, including the System Management Mode (SMM), the AMD Secure Processor (ASP), and Secure Nested Paging (SEV-SNP) ^[13][15]. Because the exploit operates at such a low level, an infection can potentially survive operating system reinstalls and bypass Secure Boot ^[12].

---

How Sinkclose Functions

The exploit is named Sinkclose as a portmanteau of the 2015 "Sinkhole" exploit and a specific chip feature called TClose ^[10]. Researchers identified that the flaw persists across generations of AMD's architecture ^[3].

To successfully utilize this flaw, an attacker must typically possess kernel-level access to the operating system ^[14]. While this requirement means a system must already be compromised at a high level, once the Sinkclose exploit is deployed, the resulting malware can become virtually undetectable and extremely difficult to remove ^[3][9].

---

Issues with Legacy Support and Updates

In addition to the CPU-level flaws, concerns have been raised regarding the security of update mechanisms and legacy hardware. Reports suggest that some Remote Code Execution (RCE) vulnerabilities may stem from software update tools downloading executables via unencrypted HTTP connections.

Furthermore, AMD has indicated that it will not release patches for certain vulnerabilities, such as CVE-2023-31306, for several legacy graphics series ^[5]. This includes the Radeon RX 5000, RX Vega, PRO VII, and PRO W5000 series ^[5]. The manufacturer stated that addressing these specific flaws on older hardware would pose a significant risk of regression and system instability ^[5].

Vulnerability	Affected Components	Reported Impact
CVE-2023-31315 (Sinkclose)	SMM, ASP, IOMMU, SEV-SNP [13][15]	Deep, persistent infection; bypasses Secure Boot [12]
CVE-2023-31306	Radeon RX 5000, Vega, PRO VII [5]	Potential security risk; remains unpatched on legacy cards [5]

These combined factors suggest that older systems may remain susceptible to deep-level infections if they are not actively supported with new microcode or driver updates. Experts suggest that the persistence of these flaws in the hardware architecture makes them "virtually unfixable" on certain older platforms ^[3][11].

Why This Happens: The Root Causes

Several factors contribute to the decision to leave certain hardware vulnerabilities unpatched. While security is a high priority for modern systems ^[2][4], manufacturers often face technical and logistical hurdles when addressing flaws in older architectures.

Lifecycle and Support Policies

The most frequent reason for unpatched flaws is that the hardware has exceeded its official support window ^[11][15]. AMD has confirmed that it will not release patches for the Ryzen 1000, 2000, and 3000 series processors ^[11][14]. These older consumer generations are typically excluded from mitigation roadmaps due to established hardware support lifecycle policies ^[7][15].

Stability and Regression Risks

In specific cases, providing a security fix may do more harm than good to a system's overall performance. For products such as the Radeon RX 5000, RX Vega, PRO VII, and PRO W5000 series, AMD stated it would not release a fix for CVE-2023-31306 ^[1]. Addressing this vulnerability reportedly poses a "significant risk of regression and instability" ^[1]. The complexity of backporting modern security patches to older driver architectures can potentially lead to system crashes or reduced functionality.

Severity and Component Classification

Manufacturers may also choose not to patch vulnerabilities if the severity is classified as low or if the hardware is deemed "out of scope" ^[10][11]. For example, the vendor is not providing patches for CVE-2024-36348 and CVE-2024-36349 ^[10]. Additionally, certain hardware, such as the M11SDV-4/8C(T)-LN4F motherboard, is explicitly listed as "Not Affected" by certain high-severity advisories like AMD-SB-4012 ^[2][11].

Resource Prioritization

Evidence suggests a clear distinction in how enterprise versus consumer hardware is handled. While older consumer Ryzen CPUs are left unattended ^[3][7], AMD continues to provide mitigations for five generations of EPYC server processors, ranging from the 1st through the 5th generation ^[2][6].

---

Hardware Category	Support Status	Primary Reason
Ryzen 1000/2000/3000	Unpatched	Lifecycle Policy [11][15]
Radeon RX 5000/Vega	Unpatched	Stability/Regression Risk [1]
EPYC 1st-5th Gen	Patched	Enterprise Priority [2][6]
H11/H12 Motherboards	Patched	Essential Server Support [8]

---

Risks & Limitations

It is important to note that using unpatched hardware can potentially expose systems to persistent security risks. While the Sinkclose vulnerability requires high-level access to exploit, the lack of official patches for older Ryzen chips means those platforms may remain vulnerable indefinitely ^[3][11]. Users should generally consider that once a product reaches the end of its support lifecycle, it is unlikely to receive further security updates, regardless of the vulnerability's severity ^[7][15].

Evidence & Reality Check

Official documentation and independent research confirm that the identified security risks are significant and widespread. Supermicro and AMD released or updated security advisories in August 2024 and August 2025, classifying several vulnerabilities as High severity ^[1][2][3][5]. These official reports indicate that the flaws target critical platform components, including the System Management Mode (SMM), the AMD Secure Processor (ASP), the IOMMU, and SEV-SNP (Secure Nested Paging) ^[4][11].

Researchers from IOActive discovered a specific vulnerability named Sinkclose, which is officially tracked as CVE-2023-31315 ^[12][14]. This flaw reportedly affects nearly all AMD processors released since 2006, suggesting a deep-rooted architectural issue ^[12]. Analysts confirm that these trends are not isolated incidents but reflect a broader, complex hardware security landscape ^[12].

---

The practical impact of these vulnerabilities is characterized by their potential for persistence and the specific requirements for exploitation:

• Deep Persistence: The Sinkclose vulnerability can potentially survive operating system reinstalls and bypass Secure Boot mechanisms, making it exceptionally difficult to detect or remove once an infection occurs ^[10].
• Access Requirements: Exploiting Sinkclose typically requires an attacker to already possess kernel-level access to the computer's core operating system ^[13].
• Mitigation Method: Security updates are generally delivered through updated AMD AGESA PI packages bundled within system BIOS updates ^[8].

---

The following table summarizes the confirmed fix versions for common server motherboards as of the recent advisories:

Hardware Series	August 2024 Fix Version	August 2025 Fix Version
H11 EPYC 7001	-	BIOS 3.3 [6]
H12 EPYC 7002/7003	BIOS 2.8 [9]	BIOS 3.3 [6]

Note: Not all products are affected by every advisory. For instance, the M11SDV-4/8C(T)-LN4F motherboard is listed as "Not Affected" by the AMD-SB-4012 advisory ^[7].

These documented facts confirm that while the vulnerabilities are severe and persistent, they often require significant initial access to a system before they can be leveraged ^[13]. Industry forecasts suggest that maintaining up-to-date BIOS versions remains the primary method for mitigating these hardware-level risks ^[8].

How to Check if You Are Affected

Determining your level of risk requires identifying your specific hardware generation and current firmware status. Because many of these vulnerabilities are rated with High severity ^[6][8], users should perform a systematic check of their system components.

Step 1: Identify Your CPU Generation

The first step is to confirm which processor family is powering your system. Impacted hardware spans both consumer and enterprise lines, though the availability of fixes varies significantly by generation.

• Consumer Desktop/Laptop: Check if you are using Ryzen 1000, 2000, or 3000 series CPUs, as these older generations are reportedly not scheduled to receive patches ^[11]. In contrast, Ryzen 5000, 6000, 7000, and 8000 series processors have firmware updates available ^[9].
• Server and Enterprise: Identify if your system uses 1st, 2nd, 3rd, 4th, or 5th Gen AMD EPYC processors or Ryzen Threadripper ^[2][3]. Affected families include H11, H12, H13, and H14 ^[3].
• Graphics Hardware: Users of Radeon RX 5000, RX Vega, PRO VII, and PRO W5000 series should note that certain vulnerabilities, such as CVE-2023-31306, may not receive a fix due to the risk of system instability ^[13].

Step 2: Check Current BIOS and AGESA Versions

Mitigations are delivered through updated AMD AGESA PI packages bundled within BIOS updates provided by motherboard manufacturers ^[1]. You can find your current version in the system information or UEFI menu.

Product Category	Targeted Fix Version	Status
H11 / H12 EPYC (7001/7002/7003)	BIOS Version 3.3 [4]	Available [14]
H12 Rome / Milan Motherboards	BIOS Version 2.8 [5]	Available [12]
Ryzen 5000-8000 Series	Varies by manufacturer [9]	Available [9]
Ryzen 1000-3000 Series	N/A	No fix planned [11]

Step 3: Verify Technical Component Exposure

If you are using a professional or server-grade system, verify if your environment relies on specific platform components targeted by these flaws. The vulnerabilities primarily affect the AMD Secure Processor (ASP), SMM, IOMMU, and SEV-SNP (Secure Nested Paging) ^[7][15].

Warning: Systems listed as "Affected" that have not been updated to the recommended BIOS versions (e.g., version 2.8 or 3.3 for specific EPYC boards) remain potentially vulnerable to exploits targeting the ASP and SMM ^[4][5][15].

---

Step 4: Check for Specific Model Exemptions

Some hardware within affected families may be exempt from specific vulnerabilities. For example, the M11SDV-4/8C(T)-LN4F motherboard is officially listed as "Not Affected" by the AMD-SB-4012 advisory ^[10]. Always cross-reference your specific motherboard model with the manufacturer’s latest security bulletins to confirm its status ^[1][14].

What You Can Do: Short-Term and Long-Term Solutions

Addressing high-severity vulnerabilities like AMD-SB-4004 and AMD-SB-3003 requires a layered approach depending on your hardware type and technical expertise ^[4][10]. While many modern systems have received mitigations, certain legacy components remain permanently exposed ^[14].

Beginner-Friendly Steps: BIOS and Firmware Updates

The primary method for securing an AMD system is the installation of updated AGESA PI packages, which are delivered through motherboard BIOS updates ^[1]. These updates typically contain necessary microcode changes to mitigate flaws in the AMD Secure Processor (ASP) and SEV-SNP ^[11][13].

• Check Availability: Manufacturers like Supermicro released critical updates in August 2024 and August 2025 ^[10][12].
• Verify Versions: For server environments, specific BIOS versions are required to ensure protection. For instance, H12 Rome/Milan motherboards require at least version 2.8 ^[2].
• EPYC Systems: Most H11 and H12 server boards powered by EPYC 7001, 7002, or 7003 series processors require BIOS version 3.3 for full mitigation ^[3].
• Consumer Hardware: Firmware updates are currently available for Ryzen 5000, 6000, 7000, and 8000 series processors ^[6]. Mitigations are also being released for the Ryzen 3000 standard desktop series and newer generations ^[9][15].

---

Advanced Options: Kernel Hardening and Migration

For users in high-security environments or those using Linux-based systems, hardware-level fixes can be supplemented with software hardening.

• Linux Microcode Selection: Updated kernels, such as those from SUSE, now include specific microcode patch selection fixes for Zen 5 and Strix Halo architectures ^[8]. Ensuring your distribution is running the latest stable kernel may help manage how the CPU handles entrysign revision checks ^[8].
• Architecture Migration: If your infrastructure relies on 1st, 2nd, 3rd, or 4th Generation AMD EPYC processors, upgrading to 5th Generation EPYC hardware may provide a more robust security baseline, as these newer chips are designed with updated security standards in mind ^[5][7].
• Component Isolation: Since vulnerabilities can affect the SMM, IOMMU, and ASP, advanced users may consider stricter virtualization policies to limit the potential impact of a cross-component exploit ^[11].

---

Hardware Support Compatibility Matrix

Not all hardware will receive security patches. The following table summarizes the support status for various AMD product lines based on recent advisories:

Product Family	Mitigation Status	Required Action
EPYC 7001/7002/7003	Mitigated	Update to BIOS v3.3 [3]
Ryzen 3000 (Desktop)	Supported	Install latest AGESA update [9]
Ryzen 5000–8000	Supported	Update BIOS/Firmware [6]
Radeon RX 5000 Series	No Fix Planned	Monitor for instability [14]
Radeon RX Vega/PRO VII	No Fix Planned	Risk of regression cited [14]

---

Risks and Limitations

It is important to note that updating BIOS and firmware involves inherent risks. AMD has stated that they will not release fixes for CVE-2023-31306 on certain graphics products, such as the Radeon PRO W5000 and RX Vega series ^[14]. The company determined that attempting to patch these specific vulnerabilities would pose a significant risk of system regression and instability ^[14].

Furthermore, while updates minimize risks significantly, no software or firmware patch can provide absolute security. Users should always verify the source of their BIOS files and ensure their power supply is stable during the update process to prevent permanent hardware damage.

Risks, Limits, and When to Stop

While the Sinkclose vulnerability (CVE-2023-31315) is classified with a High severity rating ^[8][10], it is not a "simple" exploit for most attackers. To utilize this flaw, an attacker must already have kernel-level access (Ring 0) to the operating system ^[3][4][5]. This means that standard OS security layers remain the first and most critical line of defense ^[11].

If a system's core security is maintained, the risk of a Sinkclose infection is significantly reduced ^[3][5]. However, the difficulty of the exploit is offset by its extreme persistence. Because the malware operates within the processor's System Management Mode, it can bypass Secure Boot and survive complete operating system reinstalls ^[1][9].

---

Applying mitigations through BIOS updates carries inherent risks that users must consider. These updates deliver updated AMD AGESA PI packages designed to patch the flaw ^[2]. However, manual BIOS updates can potentially cause system instability or lead to a "bricked" motherboard if the process is interrupted or if the firmware is incompatible.

Furthermore, some hardware will not receive these protections. AMD has stated it will not release fixes for certain products, such as the Radeon RX 5000 and PRO W5000 series, because the updates pose a significant risk of regression and system instability ^[14]. Users of older, "legacy" processors may also find their hardware left unattended ^[11][13].

---

It is important to recognize when standard troubleshooting is no longer sufficient. Because Sinkclose infections are virtually invisible to traditional antivirus tools and survive drive wipes, they are exceptionally difficult to detect ^[1][9].

Experts suggest that if a firmware-level infection is suspected, standard software-based repairs will likely fail ^[9]. In such cases, seeking professional technical assistance is recommended to determine if the hardware's integrity has been compromised. If you are unsure about performing a BIOS update, it is generally safer to consult a specialist rather than risking permanent hardware damage.

• Prerequisite: Attackers need kernel-level privileges to start the exploit ^[3][14].
• Persistence: Once active, the infection can survive OS reinstalls ^[1][9].
• Fix Limits: Mitigations are delivered via BIOS updates, but some older or specific hardware (like certain Radeon GPUs) will not receive patches ^[2][14].
• Action: If you suspect a deep, firmware-level infection, standard formatting is likely ineffective ^[9].

If you’re unsure, it’s usually cheaper to ask someone once than to fix a mistake later.

FAQ

Does the Sinkclose vulnerability affect Ryzen 3000 processors?

The impact on Ryzen 3000 series processors depends on the specific model architecture. Standard desktop processors, such as the Matisse series, were scheduled for mitigation updates starting August 20, 2024 ^[2]. While these desktop chips were initially omitted from patching plans, manufacturer decisions were later reversed to include them ^[108]. However, Ryzen 3000G series processors, alongside Ryzen 1000 and 2000 series, are currently not scheduled to receive security patches ^[3][11].

Processor Generation	Patch Status
Ryzen 3000 Desktop (Matisse)	Mitigations Released/Scheduled [1][2][108]
Ryzen 3000G Series	No Patch Planned [3]
Ryzen 1000 & 2000 Series	No Patch Planned [3][6][11]

---

Can standard antivirus software detect or remove Sinkclose?

In most cases, standard antivirus software is unable to detect or mitigate this vulnerability. This is because the flaw resides in the System Management Mode (SMM), a highly privileged execution environment that operates independently of the operating system ^[5]. Because the exploit functions at such a deep level, it can potentially survive operating system reinstalls and bypass Secure Boot ^[15]. Experts suggest that once a system is compromised at this level, the infection may be virtually unfixable without low-level firmware updates ^[8][9].

---

Why are some older AMD products left unpatched?

AMD has indicated that for certain legacy hardware, releasing a fix could lead to significant technical risks. For instance, addressing specific vulnerabilities in Radeon RX 5000, RX Vega, and PRO W5000 series graphics cards was declined due to the high risk of system regression and instability ^[14]. For older CPU generations like the Ryzen 1000 and 2000 series, the company has officially decided not to release patches, leaving these processors unattended despite the critical nature of the flaw ^[6][11].

---

How are the mitigations for these vulnerabilities delivered?

Mitigations for these security flaws are primarily delivered through updated AMD AGESA PI packages ^[4]. These packages are integrated into BIOS updates provided by motherboard manufacturers or system integrators ^[4]. For example, server motherboards such as the H12 Rome/Milan models require BIOS version 2.8 or higher to address the reported vulnerabilities ^[10]. Most H11 and H12 EPYC server motherboards require version 3.3 for mitigation ^[12].

---

Is the latest AMD hardware affected by these flaws?

The Sinkclose vulnerability reportedly affects nearly every AMD processor released since 2006 ^[8][9]. While the flaw is architectural and has persisted for decades, newer generations may have different support statuses. Industry reports suggest that Ryzen 9000 and Ryzen AI 300 series processors might have been patched at the factory before release, though this remains unverified by official documentation in some contexts ^[11]. Users are generally encouraged to verify their specific BIOS version against manufacturer advisories to confirm protection levels ^[4][12].

Summary / Key Takeaways

The identified security vulnerabilities in AMD hardware represent a significant risk profile, requiring immediate attention from system administrators and individual users alike. The following points summarize the current situation and the necessary steps for maintaining a secure environment:

• High-Severity Risks: The vulnerabilities are officially classified as High severity ^[6][7]. They impact critical platform components including the System Management Mode (SMM), AMD Secure Processor (ASP), and IOMMU ^[15].
• Update-Based Mitigations: For supported hardware, mitigations are delivered through AMD AGESA PI packages within BIOS updates ^[1]. This includes EPYC generations 1 through 5 and Ryzen 5000, 6000, 7000, and 8000 series processors ^[2][11][12].
• Legacy Hardware Exclusion: AMD will not release patches for several older product lines, including Ryzen 1000, 2000, and 3000 series processors ^[8][13]. Additionally, certain graphics cards like the Radeon RX 5000 and Vega series will remain unpatched to avoid potential system instability ^[4].
• Maintenance and Replacement: While newer models are receiving firmware fixes, users of legacy hardware may need to implement increased security vigilance or consider hardware replacement to ensure long-term protection ^[14].

Regular firmware maintenance is essential to mitigate these risks on supported platforms ^[10]. For those using older systems that are no longer supported, the inherent security risks of legacy hardware typically increase over time as new vulnerabilities are discovered without corresponding official fixes.

If you’re unsure, it’s usually cheaper to ask someone once than to fix a mistake later.

Quellen

^[1] Supermicro: AMD Security Vulnerabilities, August 2024

^[2] Supermicro: AMD Security Vulnerabilities, August 2025

^[3] SUSE: SUSE-SU-2026:20228-1: important: Security update for the Linux Kernel

^[4] AMD: AMD Graphics Vulnerabilities – August 2025 (AMD-SB-6018)

^[5] WinBuzzer: AMD Won't Fix Critical RCE Vulnerability in its AutoUpdate Software

^[6] Tom's Hardware: Security researcher says AMD auto-updater downloads software insecurely, enab...

^[7] thehackernews.com

^[8] El Chapuzas Informático: AMD confirms that its Zen 6 CPUs (Ryzen, Threadripper, and EPYC) will use FRE...

^[9] WIRED: ‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually ...

^[10] TechPowerUp: "Sinkclose" Vulnerability Affects Every AMD CPU Dating Back to 2006

^[11] CSO Online: AMD addresses Sinkclose vulnerability but older processors left unattended

^[12] heise online: New security vulnerabilities in various modern AMD Ryzen and Epyc processors

^[13] Lansweeper: AMD Fixes Vulnerability that Allows Malicious Microcode Injection

^[14] Security Advisory Report: AMD Sinkclose Vulnerability: Legacy CPU Support and Patching Status

^[15] AMD / Wired Tech Analysis: AMD Refuses to Fix Critical Security Flaw: Are You at Risk?

^[108] Wikipedia: Sinkclose

^[110] The Cyber Express: Sinkclose Vulnerability in AMD Chips: What You Need to Know About Unpatched M...

^[143] Tech Media Analysis: AMD Refuses to Fix Critical Security Flaw: Are You at Risk?