AMD released the CVE-2023-20587 security update on July 13, 2024. Don't underestimate this related SPI flash design weakness! (15th Jul 2024)

Preface: SMM (System Management Mode) is the most privileged execution mode of the x86 processor. Like BIOS and UEFI firmware, SMM code runs beneath the operating system. SMM has full access to physical memory, to its own protected memory region called SMRAM, to MSR-backed scratch state, to the SPI flash region in which BIOS variables are read and written, and to I/O operations. SMM is also designed to be invisible to lower-privileged layers such as the operating system kernel or the hypervisor, so neither can inspect or interrupt what runs there.

Background: Attackers who already hold ring 0 typically escalate to SMM by exploiting vulnerabilities in the SMI handlers themselves. The OS enters SMM by raising a system management interrupt (SMI) and passes parameters to the handler through a shared memory area called the SMM Communication Buffer. Because that buffer lives in memory the caller controls, every pointer, offset and length it carries must be validated before the handler acts on it; a handler that trusts those fields becomes a confused deputy that reads or writes SMRAM or SPI flash on the attacker's behalf.

Vulnerability details: CVE-2023-20587: Improper access control in System Management Mode (SMM) may allow an attacker access to the SPI flash, potentially leading to arbitrary code execution. AMD has not published the faulting handler or the exact check that was missing.
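The following C program is an added example, written for this post, illustrating the two points above: an SMI handler that trusts the SMM Communication Buffer, and an SMI handler that validates every range before it touches SMRAM or the SPI flash. It is not AMD code and does not reproduce the specifics of CVE-2023-20587, which the bulletin does not disclose; the platform layout (PHYS_SIZE, SMRAM_BASE, NVRAM_BASE, the comm_buffer_t layout and the OP_FLASH_WRITE opcode) is constructed for the simulation, and the "secret" planted in SMRAM is constructed so the leak is observable.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Simulated platform, constructed for this example; sizes are tiny on purpose. */
#define PHYS_SIZE   0x20000u   /* 128 KiB of "physical memory"                   */
#define SMRAM_BASE  0x10000u   /* SMRAM occupies the top half of it              */
#define SMRAM_SIZE  0x10000u
#define FLASH_SIZE  0x10000u   /* 64 KiB SPI part                                */
#define NVRAM_BASE  0x0000u    /* UEFI variable store: the only runtime-writable */
#define NVRAM_SIZE  0x4000u    /* flash region; everything above is firmware code */

static _Alignas(8) uint8_t g_phys[PHYS_SIZE];   /* host RAM, SMRAM included */
static uint8_t g_flash[FLASH_SIZE];             /* SPI flash contents       */

/* Layout of the SMM Communication Buffer as this example defines it. */
typedef struct {
    uint32_t opcode;        /* OP_FLASH_WRITE                           */
    uint32_t length;
    uint64_t flash_offset;  /* destination offset inside the SPI part   */
    uint64_t data_paddr;    /* physical address of the caller's payload */
} comm_buffer_t;

enum { OP_FLASH_WRITE = 1 };
enum { SMI_OK = 0, SMI_BAD_OPCODE, SMI_BAD_BUFFER, SMI_BAD_RANGE };

/* True if [addr, addr+len) lies entirely inside [base, base+size); no overflow. */
static bool range_inside(uint64_t addr, uint64_t len, uint64_t base, uint64_t size)
{
    return len != 0 && addr >= base && len <= size && addr - base <= size - len;
}

/* True if [addr, addr+len) overlaps SMRAM; a range that wraps counts as overlap. */
static bool touches_smram(uint64_t addr, uint64_t len)
{
    if (len == 0) return false;
    if (addr > UINT64_MAX - len) return true;
    return addr < SMRAM_BASE + SMRAM_SIZE && addr + len > SMRAM_BASE;
}

/* VULNERABLE: trusts every field the ring-0 caller placed in the buffer and reads
   them straight from shared memory. The caller may point data_paddr into SMRAM
   (copying it out to flash) or flash_offset at the firmware code region. */
int smi_flash_write_vulnerable(uint64_t comm_paddr)
{
    const comm_buffer_t *cb = (const comm_buffer_t *)&g_phys[comm_paddr];
    if (cb->opcode != OP_FLASH_WRITE) return SMI_BAD_OPCODE;
    memcpy(&g_flash[cb->flash_offset], &g_phys[cb->data_paddr], cb->length);
    return SMI_OK;
}

/* HARDENED: copy the request into SMRAM once (no re-reads of caller memory after
   validation, which closes the TOCTOU window), then check every range. */
int smi_flash_write_hardened(uint64_t comm_paddr)
{
    comm_buffer_t req;  /* SMM stack, i.e. inside SMRAM */

    /* The communication buffer itself must be ordinary RAM, never SMRAM. */
    if (!range_inside(comm_paddr, sizeof req, 0, PHYS_SIZE) ||
        touches_smram(comm_paddr, sizeof req))
        return SMI_BAD_BUFFER;
    memcpy(&req, &g_phys[comm_paddr], sizeof req);

    if (req.opcode != OP_FLASH_WRITE) return SMI_BAD_OPCODE;

    /* Payload must be inside physical memory and entirely outside SMRAM. */
    if (!range_inside(req.data_paddr, req.length, 0, PHYS_SIZE) ||
        touches_smram(req.data_paddr, req.length))
        return SMI_BAD_RANGE;

    /* Destination must stay inside the variable store; firmware code is off-limits. */
    if (!range_inside(req.flash_offset, req.length, NVRAM_BASE, NVRAM_SIZE))
        return SMI_BAD_RANGE;

    memcpy(&g_flash[req.flash_offset], &g_phys[req.data_paddr], req.length);
    return SMI_OK;
}

/* Ring-0 side helpers (simulation only; all addresses stay inside the arrays). */
uint8_t seed_smram_secret(void)            /* plant 0x5A bytes in SMRAM */
{
    memset(&g_phys[SMRAM_BASE], 0x5A, 16);
    return 0x5A;
}
uint64_t stage_payload(uint64_t paddr, uint8_t value, uint32_t len)
{
    memset(&g_phys[paddr], value, len);
    return paddr;
}
uint64_t build_request(uint64_t comm_paddr, uint64_t data_paddr, uint32_t len,
                       uint64_t flash_offset)   /* returns the buffer address */
{
    comm_buffer_t cb = { OP_FLASH_WRITE, len, flash_offset, data_paddr };
    memcpy(&g_phys[comm_paddr], &cb, sizeof cb);
    return comm_paddr;
}
uint8_t flash_byte(uint64_t off) { return g_flash[off]; }

int main(void)
{
    seed_smram_secret();
    stage_payload(0x100, 0x11, 16);
    uint64_t legit = build_request(0x1000, 0x100, 16, NVRAM_BASE + 0x200);
    uint64_t leak  = build_request(0x1100, SMRAM_BASE, 16, NVRAM_BASE + 0x300);
    uint64_t code  = build_request(0x1200, 0x100, 16, NVRAM_BASE + NVRAM_SIZE);
    printf("legit variable write : vulnerable=%d hardened=%d\n",
           smi_flash_write_vulnerable(legit), smi_flash_write_hardened(legit));
    printf("SMRAM -> flash leak   : vulnerable=%d hardened=%d (flash byte %02x)\n",
           smi_flash_write_vulnerable(leak), smi_flash_write_hardened(leak),
           flash_byte(NVRAM_BASE + 0x300));
    printf("firmware code overwrite: vulnerable=%d hardened=%d\n",
           smi_flash_write_vulnerable(code), smi_flash_write_hardened(code));
    return 0;
}
```

The hardened handler returns SMI_BAD_RANGE for the SMRAM read-out and for the write into the firmware code region, and SMI_BAD_BUFFER when the communication buffer itself is placed inside SMRAM; the vulnerable handler accepts all three. Real firmware must additionally make the flash controller enforce the same policy in hardware (the protection feature that CVE-2023-20579 concerns), so that a compromised handler cannot simply skip the software checks.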

The related vulnerabilities are as follows:

CVE-2023-20579: Improper access control in the AMD SPI protection feature may allow a user with ring 0 (kernel mode) privileges to bypass the protections, potentially resulting in loss of integrity and availability.

CVE-2023-20576: Insufficient verification of data authenticity in AGESA™ may allow an attacker to update SPI ROM data, potentially resulting in denial of service or privilege escalation.

CVE-2023-20577: A heap overflow in an SMM module may allow an attacker who also has a second vulnerability that enables writing to SPI flash to achieve arbitrary code execution.

Official announcement: see the AMD bulletin for affected products and fixed firmware versions – https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7009.html
