AMD CPU Flaws Enable SMM-Level Code Execution

AMD has announced fixes for six vulnerabilities in its EPYC and Ryzen processors. The most severe (CVE-2023-31342, CVE-2023-31343, CVE-2023-31345) could allow code execution in SMM (System Management Mode), which runs with higher privilege than both the hypervisor and ring 0. A compromised SMM gives an attacker unrestricted access to system memory and control over the operating system. These vulnerabilities stem from insufficient validation of input data in the SMM handler, enabling attackers to overwrite the contents of SMRAM. Details of the attack method have not been disclosed.

Other vulnerabilities include:

  • CVE-2023-31352: An error in the firmware of the AMD SEV (Secure Encrypted Virtualization) mechanism, which protects virtual machines from interference by the hypervisor or the host system administrator. Similar to a vulnerability addressed in February, this issue could allow an attacker with administrative access to the host to read sensitive guest data.
  • CVE-2023-20582: Bypass of RMP (Reverse Map Table) checks when using the SEV-SNP extension, which is designed for secure handling of nested memory page tables. An attacker with administrative privileges can exploit this to trigger PTE (Page Table Entry) faults and compromise the integrity of virtual machine memory.
  • CVE-2023-20581: An IOMMU access control error that permits a privileged attacker to bypass RMP checks and compromise guest system integrity.

These vulnerabilities affect 3rd and 4th generation AMD EPYC server processors (EPYC 7003 and 9004 series), AMD Ryzen Embedded R1000, R2000, 5000, 7000, V2000, and V3000, AMD Ryzen desktop 3000, 4000, 5000, 7000, and 8000 series, as well as AMD Athlon 3000.
