CONFERENCE | Aug 10, 2024

DEF CON Official Talk | AMD Sinkclose: Universal Ring-2 Privilege Escalation | Las Vegas, NV

Check out this Official DEF CON talk from Enrique Nissim, Principal Security Consultant at IOActive, and Krzysztof Okupski, Associate Principal Security Consultant at IOActive, “AMD Sinkclose: Universal Ring-2 Privilege Escalation.”

System Management Mode (SMM) is one of the most powerful execution modes in the x86 architecture, and code running at this level is invisible to the hypervisor and to OS-level protections, including anti-cheat engines and anti-virus systems. While the BIOS ecosystem’s complexity has led to a multitude of firmware vulnerabilities over time, vendors are now making strides in delivering patches with greater speed and efficiency. Unfortunately, these efforts are not enough in the presence of a CPU vulnerability.

When researching the AMD processor, our team noticed a flaw in one of the critical components required for securing SMM. This silicon-level issue appears to have remained undetected for nearly two decades.

This presentation starts by providing an introduction to SMM and the security mechanisms that the AMD processor provides to support it. Subsequently, it delves into the CPU design flaw and the complete methodology and engineering used to create a universal ring-2 privilege escalation exploit.

Back to the Future with Platform Security by Krzysztof Okupski

The Memory Sinkhole – Unleashing An X86 Design Flaw Allowing Universal Privilege Escalation by Christopher Domas