New Sinkclose AMD processor defect

rw999 · 16 August 2024 22:03

Are there plans to add this defect to the “Processor Vulnerability Mitigations” screen? I’m not sure if this is anything IPFire would deal with.

bonnietwin · 17 August 2024 08:41

Hi @rw999

Welcome to the IPFire community.

Any fix that AMD supply into the Linux Firmware will get implemented on IPFire.

You will also need to update your motherboard BIOS with any fix supplied by AMD.

AMD have already said that they will not provide fixes for processors that are EOL for support, which is the same that Intel have been doing with their fixes.

However, also bear in mind that for an attacker to implement an attack using this flaw they would need to have kernel level access to your system, which would mean they could already do anything they want -
read, modify, erase, and snoop, everything on the computer.

The flaw will show up on the Processor Vulnerability Mitigations screen when it is put into the kernel as an vulnerability type. Likely that will also then be implemented in earlier kernel versions.

EDIT:-
AMD will not be doing patch fixes for Ryzen 1000, 2000 & 3000 processors.

rw999 · 17 August 2024 18:04

Thanks for the quick response.

pike_it · 20 August 2024 10:39

At this date, and according to this page

(i did not find a way to archive it at present date)
AMD acknowledged not only for the vulnerability, but also for mitigation for Ryzen 3000 series.

IMO, unfortunately, the mix of different core generations on 3000 series might lead to some… “mixed results”. Some 3000 CPUs have Zen2 and not Zen3 cores.

bonnietwin · 20 August 2024 10:50

If they are going to provide mitigation for all or some Ryzen 3000 CPU’s then if they put it into the firmware then it will be included in IPFire. If they do it only as a bios update for OEM suppliers of motherboards then hopefully the motherboard suppliers will issue a bios update for users to install.

pike_it · 20 August 2024 11:03

FWIW, in my experience OEMs like Gigabyte or Asus (which realize/sell mainboards with its own name) are still publishing bios updates for old boards (Gigabyte examles, B450 D3SH and B450 S2H).
I won’t bet a dime on other brands who delivers the full product as commercial brand (Dell, HP, Fujitsu, Lenovo) when the “whole product” is out of support.