Sinkclose = TClose + Sinkhole.
With that vulnerability, an attacker who already has ring 0 (kernel) privileges can write code to the SPI flash and gain ring -2 (ring ‘minus 2’) privileges.
No patches for old CPUs. No info about Bristol Ridge CPUs (2 to 4 Excavator CPU cores, AM4).
The newest CPUs (AM5 8000 and 9000 series) have probably been protected since release.
Ryzen Summit Ridge (AM4 1000 series) may get a remedy via new microcode because it is similar to EPYC Naples and Snowy Owl.
For Family 17h (Zen, Zen+, Zen 2) new firmware is available for CPUs 0x8 0xF 0x0 0x1 (Naples, Whitehaven, Summit Ridge, Snowy Owl) and 0x8 0xF 0x3 0x1 (Rome, Castle Peak).
To get the new microcode, install the new ‘ucode-amd’ package from 20240809. It is available for TW and expected for Leap (15.5 and 15.6).
Location of files:
for Leap /lib/firmware/amd-ucode
for TW /usr/lib/firmware/amd-ucode
You can also get the microcode update via a BIOS update. For AM4 you need AMD AGESA Combo V2PI 1.2.0.Cb (2024-07-30); right now 1.2.0.Ca is available.
Updates for some CPUs will be available in October 2024.
AMD promises support for old EPYC and embedded CPUs because of their long-term support (LTS) commitments.
AMD Picasso: support for mobile CPUs is planned, none for desktop ones.
No support for Zen+ CPUs: Pinnacle Ridge and Colfax.
Support for desktops: since Matisse (3000 series, Zen 2 based; not 3200G/3400G).
Zen 3 and Zen 4 are Family 19h; updates are available.
The microcode is matched by CPUID number, which is distinct from the family numbers used by the AMD microcode binaries. Use the cpuid or CPU-X utilities to get the CPUID and other info.
A utility to extract info from the microcode binaries (also mentioned in the Readme file):
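As an added illustration, not the utility the post refers to and not code from the original post: the four hex digits listed above for the fixed CPUs (0x8 0xF 0x0 0x1) are the extended family, base family, extended model and base model fields of the CPUID(1).EAX signature, and the amd-ucode container's equivalence table is keyed on exactly that value. The example computes that signature from the decimal family/model/stepping that /proc/cpuinfo prints, walks the container layout the Linux loader reads (equivalence table, then patch sections) and reports which patch ids apply; the sample container, its patch id and its date are constructed, not taken from a real file.

```python
import struct

UCODE_MAGIC = 0x00414D44   # "DMA\0" little-endian; first dword of every amd-ucode container
EQUIV_TABLE_TYPE, PATCH_TYPE = 0, 1

def cpuid_signature(family, model, stepping):
    """Decimal family/model/stepping (as /proc/cpuinfo prints them) -> CPUID(1).EAX."""
    ext_family = family - 0xF if family >= 0xF else 0
    return ((ext_family << 20) | ((model >> 4) << 16) | (min(family, 0xF) << 8)
            | ((model & 0xF) << 4) | (stepping & 0xF))

def parse_container(blob):
    """Return ({cpuid: equiv_id}, [(patch_id, processor_rev_id), ...])."""
    magic, typ, tbl_len = struct.unpack_from("<III", blob, 0)
    if magic != UCODE_MAGIC or typ != EQUIV_TABLE_TYPE:
        raise ValueError("not an AMD microcode container")
    equiv = {}
    for off in range(12, 12 + tbl_len, 16):       # 16-byte equiv_cpu_entry records
        cpu, _mask, _cmp, equiv_id, _res = struct.unpack_from("<IIIHH", blob, off)
        if cpu == 0:                               # all-zero entry terminates the table
            break
        equiv[cpu] = equiv_id
    patches, off = [], 12 + tbl_len
    while off + 8 <= len(blob):                    # each patch: u32 type, u32 size, body
        typ, size = struct.unpack_from("<II", blob, off)
        if typ != PATCH_TYPE:
            raise ValueError("unexpected section type %d" % typ)
        # header: date, patch_id, data_id, data_len, init_flag, checksum, nb/sb dev ids, rev id
        _, patch_id, _, _, _, _, _, _, rev_id = struct.unpack_from("<IIHBBIIIH", blob, off + 8)
        patches.append((patch_id, rev_id))
        off += 8 + size
    return equiv, patches

def patches_for(blob, family, model, stepping):
    """Patch ids in the container that match this CPU's equivalence id (may be empty)."""
    equiv, patches = parse_container(blob)
    rev = equiv.get(cpuid_signature(family, model, stepping))
    return [pid for pid, r in patches if r == rev] if rev is not None else []

# Constructed sample container, not a real amd-ucode file: equivalence entries for
# Summit Ridge B2 (0x800F12 -> 0x8012) and Matisse (0x870F10 -> 0x8710) and one patch
# whose header targets 0x8012; the patch id and date below are made-up values.
def _entry(cpu, equiv_id):
    return struct.pack("<IIIHH", cpu, 0, 0, equiv_id, 0)
_table = _entry(0x00800F12, 0x8012) + _entry(0x00870F10, 0x8710) + _entry(0, 0)
_hdr = struct.pack("<IIHBBIIIHBBB3s8I", 0x20240809, 0x08001234, 0, 0, 0, 0, 0, 0,
                   0x8012, 0, 0, 0, b"\0\0\0", *([0] * 8))
_patch = _hdr + bytes(16)                          # 64-byte header plus a dummy body
SAMPLE = (struct.pack("<III", UCODE_MAGIC, EQUIV_TABLE_TYPE, len(_table)) + _table
          + struct.pack("<II", PATCH_TYPE, len(_patch)) + _patch)
```

Run `patches_for(open("/usr/lib/firmware/amd-ucode/microcode_amd_fam17h.bin", "rb").read(), family, model, stepping)` with the values from /proc/cpuinfo to see whether the installed container carries a patch for your CPU at all; an empty list means the file cannot help that CPU regardless of the package version.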
This issue is not applicable to Chromebooks, or any devices running coreboot – the CVE is with the UEFI SMM mode access, which does not exist on Chromebooks.
UEFI systems are affected. Old non-UEFI systems are unaffected.
Legacy boot has its own drawbacks, but not that one.
CSM mode on UEFI systems: status unknown.