Security Focus on SMU Mailbox (CVE-2021-26331) - 16th Nov 2021

Preface: A quick way to understand the difference between Ryzen and EPYC (see below):

About Ryzen: Some say Ryzen CPUs are best suited for gaming PCs. However, AMD has announced its newest range of mobile chips, the Ryzen 5000 mobile series, which it claims will be used in 1500 devices during 2021.

About EPYC: AMD and Google Cloud have announced the beta availability of Confidential Virtual Machines (VMs) for Google Compute Engine powered by 2nd Gen AMD EPYC processors, taking advantage of the processors’ advanced security features.

Background: The system management unit (SMU) is a sub-component of the northbridge that is responsible for a variety of system and power management tasks during boot and runtime. The SMU contains a microcontroller to assist. The microcontroller can be interrupted to cause it to perform several initialization and runtime tasks. BIOS and ACPI methods can interrupt the SMU to request a specific action.

Ref: AMD's SMU mechanism is worth mentioning. SMU is the system management unit. When silent, the power consumption of Ryzen is controlled by SMU. The management functions of SMU include power consumption, current, temperature limiter, voltage controller, power consumption threshold, etc. The voltage we see in the overclocking software is the upper limit voltage of the processor considered by SMU.
For example, the 1.35V voltage we see in the overclocking software is actually equivalent to a voltage of about 1.2V.

Vulnerability details: CVE-2021-26331 – Certain versions of 1st Gen AMD EPYC from AMD contain the following vulnerability:

AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leading to arbitrary code execution.

Speculation: Each CPU class has completely different function/command IDs for the SMU. The standard mechanism will do a search. A design weakness occurs because the source file (smu[.]c) does not contain an input validation feature. This makes it possible for a malicious user to send a command and, as a result, to manipulate mailbox entries, leading to arbitrary code execution.
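The kind of input validation the speculation above says is missing, as an added example that is not code from the original post or from AMD: a request is checked against a per-CPU-class allow-list before it would reach the mailbox. The class names, command IDs, argument bounds and the `smu_validate` function are all hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical model: classes, command IDs and limits are constructed
   for illustration and are not AMD's real SMU values. */
enum cpu_class { CLASS_A, CLASS_B, CLASS_COUNT };

struct smu_cmd_desc {          /* one allowed mailbox command */
    uint32_t id;               /* command ID valid for this class only */
    uint32_t max_arg;          /* largest argument value accepted */
};

struct smu_cmd_table { const struct smu_cmd_desc *cmds; size_t count; };

static const struct smu_cmd_desc class_a_cmds[] = { {0x01, 0}, {0x05, 0xFFFF} };
static const struct smu_cmd_desc class_b_cmds[] = { {0x01, 0}, {0x0C, 0xFF} };

static const struct smu_cmd_table tables[CLASS_COUNT] = {
    [CLASS_A] = { class_a_cmds, sizeof class_a_cmds / sizeof class_a_cmds[0] },
    [CLASS_B] = { class_b_cmds, sizeof class_b_cmds / sizeof class_b_cmds[0] },
};

enum mbox_status { MBOX_OK = 0, MBOX_BAD_CLASS, MBOX_BAD_CMD, MBOX_BAD_ARG };

/* Validate a request before it is written to the mailbox registers:
   the class must be known, the ID must be on that class's allow-list,
   and the argument must be within the command's bound. */
enum mbox_status smu_validate(int cpu_class, uint32_t cmd, uint32_t arg)
{
    if (cpu_class < 0 || cpu_class >= CLASS_COUNT)
        return MBOX_BAD_CLASS;
    const struct smu_cmd_table *t = &tables[cpu_class];
    for (size_t i = 0; i < t->count; i++) {
        if (t->cmds[i].id != cmd)
            continue;
        return arg <= t->cmds[i].max_arg ? MBOX_OK : MBOX_BAD_ARG;
    }
    return MBOX_BAD_CMD;       /* ID not defined for this class: reject */
}

int main(void)
{
    /* A Class B request carrying a Class A-only command ID must be rejected. */
    return smu_validate(CLASS_B, 0x05, 0) == MBOX_BAD_CMD ? 0 : 1;
}
```

The search fails closed: an ID that is valid for one class but absent from the caller's class table is rejected rather than forwarded.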

Headline news: "AMD reveals an Epyc 50 flaws – 23 of them rated high severity", said theregister[.]com. For official details, please refer to the link: https://web.archive.org/web/20211112012410/https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021
