In a background briefing to WIRED, AMD emphasized the difficulty of exploiting Sinkclose. To exploit the vulnerability, a hacker would need to already have access to a computer’s kernel, the core of the operating system. AMD likened Sinkclose’s technique to a way to gain access to a bank safe deposit box by bypassing the alarm, security guard and vault door.
Nissim and Okupski counter that exploiting Sinkclose does require kernel-level access to a machine, but such vulnerabilities are disclosed almost monthly for Windows and Linux. They argue that sophisticated state-sponsored hackers who could use Sinkclose likely already have the techniques to exploit known or unknown kernel vulnerabilities. “There are kernel exploits for all these systems right now,” Nissim says. “They exist and they’re available to attackers. This is the next step.”
Nissim and Okupski’s Sinkclose technique works by taking advantage of a little-known feature in AMD chips called TClose. (The name Sinkclose is actually a combination of the terms TClose and Sinkhole, the name of an earlier System Management Mode exploit found in Intel chips in 2015.) On AMD-based machines, a safeguard called TSeg prevents the computer’s operating system from writing to protected parts of memory that are supposed to be reserved for System Management Mode (System Managed Random Access Memory, or SMRAM). However, AMD’s TClose feature is designed to keep the computer compatible with older devices that use the same memory addresses as SMRAM, and when enabled, it remaps other memory to those SMRAM addresses. Nissim and Okupski discovered that, using only operating system level privileges, they could use the TClose remapping functionality to trick the SMM code into retrieving altered data and redirect the processor to run their own code at the SMM level with the same elevated privileges.
“I think this is the most complicated bug I’ve ever exploited,” Okupski says.
Nissim and Okupski, who specialize in the security of low-level code like processor firmware, said they first decided to look into AMD’s architecture two years ago because they felt it hadn’t been subjected to enough scrutiny compared to Intel, despite its growing market share. They discovered the critical TClose edge case that allowed Sinkclose simply by repeatedly re-reading AMD’s documentation. “I think we read the page that described the vulnerability about 1,000 times,” Nissim said. “And we noticed it on the 1,001st day.” They alerted AMD to the flaw in October of last year, but waited nearly 10 months to give AMD time to prepare a fix.
For users who want to protect themselves, Nissim and Okupski said that for Windows machines (which are likely the majority of affected systems), the Sinkclose patch will be integrated into updates that computer manufacturers share with Microsoft, and that they expect Microsoft to include it in future operating system updates. Patching for servers, embedded systems, and Linux machines is likely to be more piecemeal and manual, and in the case of Linux machines, will depend in part on which Linux distribution is installed on the computer.
Nissim and Okupski say they’ve agreed with AMD not to release proof-of-concept code for the Sinkclose exploit for the next few months to give the company time to fix the problem. But they argue that attempts by AMD and others to downplay Sinkclose as too difficult to exploit shouldn’t prevent users from applying the patch as soon as possible. Advanced hackers may have already discovered their method, or they may figure it out after Nissim and Okupski present their discovery at Defcon.
IOActive researchers warn that even though Sinkclose requires a relatively deep level of access, the much deeper level of control it provides means that potential targets shouldn’t delay applying a fix once one is available. “Once the foundation is breached, the security of the entire system is breached,” Nissim says.