Preface: AMD EPYC™ Processors power the highest-performing x86 servers for the modern data center, on prem and in cloud environments, across industries.
Background: Model-specific registers (MSR) are control registers provided by the processor implementation so that system software can interact with a variety of features, including performance monitoring, checking processor status, debugging, program tracing or toggling specific CPU features.
Intel and AMD may use the same MSR for the same feature, such as the IA32_LSTAR MSR register.
When it came to the Intel Pentium processor, Intel officially introduced two instructions, RDMSR and WRMSR, for reading and writing the MSR temporary register. At this time, MSR was officially introduced. When the RDMSR and WRMSR instructions were introduced, the CPUID instruction was also introduced. This instruction is used to indicate which functions are available in a specific CPU chip, or whether the MSR registers corresponding to these functions exist. The software can query a certain function through the CPUID instruction. Whether these functions are supported on the current CPU.
Vulnerability details: Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.
Ref: Researchers from IOActive have reported that it may be possible for an attacker with ring 0 access to modify the configuration of System Management Mode (SMM) even when SMM Lock is enabled.
Official announcement: Please refer to the link for details – https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html