AMD Processors Trusted Execution Environment Vulnerability Allowing Memory Overlap and Integrity Loss

A vulnerability exists in the Trusted Execution Environment (TEE) of AMD processors, including certain Ryzen and Athlon mobile and desktop series, as well as embedded processors. This vulnerability stems from a failure to properly validate addresses and sizes, which could enable a malicious x86 attacker to send malformed messages to the graphics mailbox. Such actions may cause an overlap of a Trusted Memory Region (TMR) previously allocated by the ASP bootloader, potentially leading to unauthorized memory access and a loss of integrity.

Impact

Exploitation of this vulnerability could result in an overlap of a Trusted Memory Region (TMR) that was previously allocated by the ASP bootloader, leading to a potential loss of integrity.

Remediation

Users are advised to update to the latest Platform Initialization (PI) firmware version or AMD Software version available for their specific processor. For AMD Radeon graphics drivers, refer to the AMD Radeon Graphics Cards tables for the appropriate version.