AMD EPYC 7001
cpe:2.3:h:amd:epyc_7001:*:*:*:*:*:*:*, +1 more
A denial-of-service vulnerability has been identified in various AMD processors, including the EPYC, Athlon, Ryzen, and Ryzen Embedded series. The issue arises from improper handling of direct memory writes in the input-output memory management unit (IOMMU), which allows a malicious guest virtual machine (VM) to flood the host with writes. This could trigger a fatal machine check error, causing a crash that disrupts all co-located guest VMs.
Exploitation of this vulnerability can lead to a host system crash, triggered by a fatal machine check error caused by an excessive flood of malformed System Management Interrupts (SMIs) from a guest VM. This crash can create a denial-of-service condition for all guest VMs running on the affected host.
AMD has released mitigations for this vulnerability for EPYC processors, delivered in Platform Initialization (PI) or Secure Encrypted Virtualization (SEV) firmware versions. For Athlon and Ryzen processors, no fix is planned. Users should contact their Original Equipment Manufacturer (OEM) for the specific BIOS update that addresses this vulnerability.