
Researchers have published a report on an older vulnerability in AMD processors that could allow an attacker to disable critical memory protections in the Ryzen and Epyc CPU lines, potentially letting an admin-level account elevate into the firmware level and take complete control of the system.
The vulnerability, tracked as CVE-2023-31315, is present in hundreds of server and PC processor lines, including chips dating back as far as 20 years.
The flaw stems from System Management Mode (SMM), a firmware-level state in which the OS is not running. AMD chips normally use a mechanism called SMM Lock to prevent code running locally on the machine from accessing SMM. Bypassing it is considered an elevation of privilege, and it should be noted that this is not something that can be targeted remotely or from an ordinary user account.
If an attacker can access the components needed to perform the exploit, they have already effectively pwned the target system.
By being able to run code in SMM, the attacker can effectively reinstall the OS with a version of their choosing and re-establish control even after an administrator wipes and reinstalls an infected machine.
The vulnerability is believed to be present in hundreds of AMD processor models. The researchers say that the configurations exposing the flaw are prevalent in the majority of AMD-powered systems deployed over the last 20 years.
The flaw appears to have been resolved without a significant impact. This research was documented by researchers from IOActive.