AMD Processors System Management Mode Vulnerability Allowing Execution of Attacker-Controlled Code
Vulnerability
A vulnerability exists in various AMD processors, including EPYC, Ryzen, and Athlon series, where a System Management Mode (SMM) handler may call code from non-SMM or untrusted memory. This flaw could enable a highly privileged attacker, with active user interaction and under specific complex conditions, to execute attacker-controlled code in SMM. Such an action could potentially compromise the system's confidentiality, integrity, and availability.
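The flaw class described above is an SMM handler following a pointer that is stored in, or points to, memory outside SMRAM. The C model below is an added illustration, not AMD firmware code and not taken from the advisory. It shows the overflow-safe bounds check a handler applies before an indirect call; the SMRAM base and size and all function names are constructed assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed values; real SMRAM bounds are reported by the platform. */
#define SMRAM_BASE 0x7F000000ULL
#define SMRAM_SIZE 0x00800000ULL

typedef enum { CALL_REJECTED = 0, CALL_ALLOWED = 1 } call_decision;

/* True only if [addr, addr + len) lies entirely inside SMRAM.
 * Written with subtraction so addr + len can never wrap around. */
static bool range_in_smram(uint64_t addr, uint64_t len)
{
    if (len == 0 || len > SMRAM_SIZE)
        return false;
    if (addr < SMRAM_BASE)
        return false;
    return (addr - SMRAM_BASE) <= (SMRAM_SIZE - len);
}

/* Hypothetical dispatch gate: slot_addr is where the function pointer is
 * stored, target_addr is the code address it holds. Both must be in SMRAM,
 * otherwise less-privileged code could replace the pointer or the code. */
static call_decision dispatch_checked(uint64_t slot_addr, uint64_t target_addr)
{
    if (!range_in_smram(slot_addr, sizeof(uint64_t)))
        return CALL_REJECTED;   /* pointer storage is writable from outside SMM */
    if (!range_in_smram(target_addr, 1))
        return CALL_REJECTED;   /* call target is outside SMRAM: a callout */
    return CALL_ALLOWED;
}

int main(void)
{
    /* Constructed sample cases: {slot address, target address}. */
    const uint64_t cases[][2] = {
        { 0x7F000100ULL, 0x7F001000ULL },  /* both inside SMRAM */
        { 0x7F000100ULL, 0x00100000ULL },  /* target in normal RAM */
        { 0x00200000ULL, 0x7F001000ULL },  /* pointer stored in normal RAM */
        { 0x7F7FFFFCULL, 0x7F001000ULL },  /* slot straddles end of SMRAM */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("slot=%#llx target=%#llx -> %s\n",
               (unsigned long long)cases[i][0], (unsigned long long)cases[i][1],
               dispatch_checked(cases[i][0], cases[i][1]) ? "allowed" : "rejected");
    return 0;
}
```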
Impact
Exploitation of this vulnerability could lead to unauthorized execution of code in System Management Mode, allowing a highly privileged attacker to manipulate system processes and potentially compromise the overall security and stability of the system.
Remediation
Users are advised to update to the latest Platform Initialization (PI) firmware version available for their specific processor series. For AMD EPYC processors, the relevant PI versions have been released to Original Equipment Manufacturers (OEMs). Please contact the OEM for the appropriate BIOS update. For AMD Ryzen processors, similar guidance applies, with specific update versions listed in the official AMD security bulletin.
