September 19, 2024

TechNewsInsight


Firmware Manipulation Vulnerability in Ryzen and EPYC – PC Watch


Security vendor IOActive has discovered a guest memory vulnerability called “Sinkclose” in AMD's Ryzen, EPYC, and other processors that could allow BIOS manipulation. The CVE (Common Vulnerabilities and Exposures) identifier is CVE-2023-31315, and the risk rating is 7.5.

This vulnerability allows an attacker with Ring 0 privileges to access SMM (System Management Mode), which has higher privileges that are not normally accessible from the operating system. Even if the SMM lock is on, it will be bypassed.

This is caused by insufficient validation of an entry in a Model Specific Register (MSR). Once in SMM, an attacker can embed malware deep in the firmware and execute arbitrary code without the operating system noticing. This makes the malware extremely difficult to remove, and IOActive researchers warn in an article for WIRED, “Once infected, you have to get rid of your computer.”

AMD has addressed this vulnerability with a Platform Initialization (PI) update. PI is generally delivered through OEM BIOS updates. There are no plans to fix the Ryzen 3000 series desktop processors (codenamed Matisse); the fix covers the Ryzen 4000 (Renoir) and 5000 (Vermeer) series and later.

For mobile, on the other hand, AMD plans to fix Ryzen 3000 (Picasso) and later. Fixes are also planned for the HEDT Ryzen Threadripper 3000/7000 series, the Ryzen Threadripper PRO/PRO 3000WX series for workstations, and embedded products.

In addition to PI updates, microcode that does not require a firmware update is also provided as a mitigation option for EPYC Gen 1/2/3/4 servers.

Researchers say the vulnerability has been around for decades, and even CPUs manufactured in 2006 or earlier are affected, but AMD says it has fixed it for the Ryzen 3000 desktop. Since there's no mention of earlier processors, there's little hope of a fix. Please be careful when using operating systems with older AMD CPUs.
