TUXEDO OS update closes sinkclose gap in AMD processors - TUXEDO Computers

  ATTENTION: To use our store you have to activate JavaScript and deactivate script blockers!  
Thank you for your understanding!

TUXEDO OS update closes sinkclose gap in AMD processors

Security researchers at IOActive have uncovered a critical vulnerability in AMD CPUs that has existed for nearly two decades and affects countless processors. The vulnerability, known as Sinkclose, allows attackers to execute software in System Management Mode (SMM), a particularly privileged mode that is invisible to the operating system and other applications.

System Management Mode is typically used for low-level operations such as controlling hardware components or power management and operates at the highest protection ring, ring -2. Attackers could exploit the sinkhole to install bootkits that are invisible to the operating system or antivirus software and grant them full access to the system.

Sinkclose security vulnerability in AMD processors

Such a malware infection is not only difficult to detect, but also extremely time-consuming to remove. According to IOActive, removing the malware requires the use of a special hardware-based programming tool, the SPI Flash Programmer, to scan the memory directly. In the worst case scenario, this could result in the affected computer possibly no longer being fully functional

Although exploiting the Sinkclose vulnerability (CVE-2023–31315) is not easy due to its complexity and would require local root privileges, the researchers warn that new vulnerabilities are regularly discovered that allow the necessary kernel access. Attacks that grant kernel-level access are particularly relevant for state-sponsored hackers.

AMD provides a list of affected CPUs on its website, with updates already available for some Epyc, Athlon, and Ryzen processors. However, not all impacted processors will receive an update: the Ryzen 1000, 2000, and 3000 series are excluded, as reported by the German IT blog Computerbase. AMD states that these processors will no longer be supported due to their age; the Ryzen 1000 was released in 2017.

Update 21.08.2024: According to the British magazine The Register, AMD has decided to provide patches for Ryzen 3000 CPUs after all due to public pressure. However, the decision remains in place for older CPUs from the Ryzen 1000 and 2000 series. These processors will not be patched.

Updates already integrated in TUXEDO OS

Updates are already available for Linux that mitigate the error. They must be integrated into the system by the distributors. This has already been done for TUXEDO OS and other major Linux distros such as Debian or Ubuntu. The updates are included in the amd64-microcode package, which is automatically installed with the usual updates on your computer installed with TUXEDO OS.

For a final bug fix, the system requires a BIOS/firmware update provided by AMD and the motherboard manufacturers. We will keep you informed about this via This Week in TUXEDO OS and our Newsletter.

The update of amd64-microcode closes the security hole in TUXEDO OS caused by the Sinkclose bug.
The update of amd64-microcode closes the security hole in TUXEDO OS caused by the Sinkclose bug.

Changelog: amd64-microcode

  • Update package data from linux-firmware 20240709–141-g59460076 (closes: #1076128)
  • SECURITY UPDATE: Mitigates „Sinkclose“ CVE-2023–31315 (AMD-SB-7014) on AMD Epyc processors: SMM lock bypass - Improper validation in a model specific register (MSR) could allow a malicious program with ring 0 access (kernel) to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution. Note: a firmware update is recommended for AMD Epyc (to protect the system as early as possible). Many other AMD processor models are also vulnerable to SinkClose, and can only be fixed by a firmware update at this time.
  • Updated Microcode patches:
    • Family=0x17 Model=0x01 Stepping=0x02: Patch=0x0800126f
    • Family=0x17 Model=0x31 Stepping=0x00: Patch=0x0830107c
    • Family=0x19 Model=0x01 Stepping=0x00: Patch=0x0a00107a
    • Family=0x19 Model=0x11 Stepping=0x02: Patch=0x0a101248
    • Family=0x19 Model=0xa0 Stepping=0x02: Patch=0x0aa00215
    • Family=0x19 Model=0x01 Stepping=0x02: Patch=0x0a001238
    • Family=0x19 Model=0x11 Stepping=0x01: Patch=0x0a101148
    • Family=0x19 Model=0x01 Stepping=0x01: Patch=0x0a0011d5
  • README.Debian: „late“ microcode updates are unsupported in Debian (closes: #1074514)
  • postinst: use dpkg-trigger to activate update-initramfs, this enables dracut integration (closes: #1000193)
  • postrm: activate the update-initramfs dpkg trigger on remove/purge instead of always executing update-initramfs directly, just like it was done for postinst in 3.20240710.1: call update-initramfs directly only if the dpkg-trigger activation call fails

Service & Support

Welcome to TUXEDO Support - how can we help you?

Linux at TUXEDO

Are you wondering if Linux is right for you? Our team will be happy to answer your questions and explain details about the free operating system at TUXEDO.
Let the advantages and services convince you!

Hardware

Notebook, PC, both - and which model? Our technical service team also provides advice on selection, equipment and puts together suitable offers for your technical requirements.

Questions and Answers

In addition to consulting on Linux on TUXEDO devices, our technical service team is of course also available for all other questions about Linux at TUXEDO.


Find out more

Instructions and Tips

Most situations can be solved quickly and easily by yourself. This saves you time and you can use your device directly again. We provide you with instructions, first steps and short tips for all TUXEDO models.


Find out more

System Recovery

Even in the case of a case, you don't have to rely on us: Your device can be reset to the factory settings - completely automatically! Everything is included with your order and you can get started right away.


Find out more

Technical Service

Our competent technicians are also happy to help with service requests. You have different possibilities to contact us. We are personally there for you Monday to Friday from 9 am to 1 pm and from 2 pm to 5 pm. But also outside these times you can contact our team with your request by e-mail.
An extra function is available in your customer account for repair requests (RMA).

 

Contact

We are personally there for you Monday to Friday from 9 am to 1 pm and from 2 pm to 5 pm (German time). But also outside these times you can contact our team with your request by e-mail. Please include your customer number, the model name of your laptop or PC and as detailed a description of your request as possible. The more details you give us, the faster we can process your request!

We might not be able to answer questions about third party hardware or software. For questions about popular open source software (Thunderbird, Filezilla...) please contact a forum e.g. ubuntuforums.org. The research effort for application specific setup is immense and not manageable at the current time. Basic compatibility questions e.g. are of course still welcome!

An extra function is available in your customer account for repair requests (RMA).

 

Shipping costs & delivery times

We ship your order to almost all countries, in Europe mostly even free of charge! The respective shipping costs and the cost threshold above which we will cover the costs for you can be found here or for international shipping in the table below.

 


Free shipping within Germany

There are no shipping costs within Germany for goods worth €100 or more.

 

7.99 € shipping cost at max!

No matter how many small articles you order, such as USB stick card reader, LAN adapters or fan articles, with us, you pay a maximum of 7.99 € shipping costs.

  • 7.99 € shipping fee for all orders below 100 € of goods
  • Free shipping from 100 € total value of goods

You can check all occurring shipping costs or if we even deliver for free right before sending your order!

 


International delivery

Here are the shipping costs as well as the amount threshold for your order. The threshold is referring to the total amount of your order, which enables free shipping.

⚠️ Countries to which we unfortunately cannot ship, and information on how you can still order from us, can be found here!

 

Country Shipping Fee Free Shipping From
Albania 99,00 EUR -
Andorra 59,00 EUR -
Belarus Temporarily no delivery possible 59,00 EUR -
Belgium 8,49 EUR 100 EUR
Bulgaria 15,99 EUR 160 EUR
Denmark 8,49 EUR 100 EUR
Estonia 15,99 EUR 160 EUR
Faroe Islands 129,00 EUR -
Finland 14,99 EUR 150 EUR
France 9,99 EUR 120 EUR
Greece 22,90 EUR -
United Kingdom 9,99 EUR 120 EUR
Hong Kong 199,00 EUR -
India 199,00 EUR -
Ireland 14,99 EUR 150 EUR
Island 129,00 EUR -
Italy 9,99 EUR 120 EUR
Japan 99,00 EUR -
Canada 99,00 EUR -
Croatia 34,90 EUR 500 EUR
Latvia 15,99 EUR 160 EUR
Lithuania 15,99 EUR 160 EUR
Luxembourg 8,49 EUR 100 EUR
Macau 199,00 EUR -
Malta 34,90 EUR 500 EUR
Macedonia 59,00 EUR -
Moldova 199,00 EUR -
Monaco 19,00 EUR -
Montenegro 99,00 EUR -
Netherlands 8,49 EUR 100 EUR
Norway 14,99 EUR 150 EUR
Austria 8,49 EUR 100 EUR
Poland 15,99 EUR 160 EUR
Portugal 14,99 EUR 150 EUR
Romania 15,99 EUR 160 EUR
San Marino 9,99 EUR 120 EUR
Sweden 14,99 EUR 150 EUR
Switzerland 13,99 EUR 150 EUR
Serbia 34,90 EUR 500 EUR
Singapore 199,00 EUR -
Slovakia 15,99 EUR 160 EUR
Slovenia 15,99 EUR 160 EUR
Spain (without Canary Islands) 14,99 EUR 150 EUR
Czech Republic 15,99 EUR 160 EUR
Ukraine Temporarily no delivery possible 129,00 EUR -
Hungary 15,99 EUR 160 EUR
USA including Hawaii 99,00 EUR -
United Arabic Emirates 199,00 EUR -
Cyprus 34,90 EUR 500 EUR
Qatar 199,00 EUR -

For orders outside the EU there might be additional duties, taxes or charges needed to be paid by the customer. These don't have to be paid to the supplier, but to local authorities. Please check for any details with your local customs or tax authorities before ordering! But as a benefit you don't have to pay German taxes, this means you save up to 19%!
Due to the Brexit and the associated changes, there may be delays of several days in customs clearance on site for deliveries to the UK. This is not within our sphere of influence, so we ask for your understanding.

 


Time of delivery

If not stated differently in the article's description, we deliver goods in:

  • 7-10 working days within Germany
  • 10-12 working days outside Germany

For orders paid in advance, the delivery time starts with receipt of the payment. Please keep in mind that there is no delivery on Sundays or on holidays.
For goods delivered as download, there will be no shipping fees due.
Access data for downloads are sent out via e-mail 1-3 working days after contract formation. For orders with advanced payment, we will deliver after receiving the payment. You can download the item by using the link sent to you via e-mail.

Self-pick-up of orders is not possible, unfortunately.