Ampere AmpereOne AC03, AC04, and M UEFI-MM Driver Buffer Overflow Vulnerability

A buffer overflow vulnerability has been identified in Ampere AmpereOne AC03 devices prior to 3.5.9.3, AmpereOne AC04 devices prior to 4.4.5.2, and AmpereOne M devices prior to 5.4.5.1. The vulnerability arises from an incorrectly formed SMC call to the UEFI-MM MMCommunicate service, which can lead to an out-of-bounds write within the UEFI-MM Secure Partition context, potentially causing memory corruption in Secure or Non-Secure memory. This could disrupt system operations or, in some cases, escalate privileges.

Impact

Exploitation of this vulnerability causes a buffer overflow, leading to an out-of-bounds write that corrupts memory. This memory corruption is limited to areas mapped to the UEFI-MM Secure Partition by the Secure Partition Manager, and could result in a system hang or privilege escalation.

Remediation

Users are advised to update to AmpereOne AC03 version 3.5.9.3 or newer, AmpereOne AC04 version 4.4.5.2 or newer, and AmpereOne M version 5.4.5.1 or newer.