AMD CPUs impacted by 18-year-old SMM flaw that enables firmware implants

AMD has issued microcode updates for a wide range of server and desktop CPUs to address a vulnerability that could allow attackers to bypass protections for the System Management Mode (SMM) and execute malicious code in the low-level firmware outside of the OS. The flaw could be used to deploy stealthy boot-level rootkits in UEFI that are very hard to detect or remove.

The vulnerability (CVE-2023-31315) impacts nearly all AMD EPYC series and Ryzen series CPUs and was discovered by researchers from security firm IOActive who plan to present their research in a talk at the DEF CON conference this weekend. The vulnerability, which IOActive refers to as “AMD Sinkclose,” is rated high severity and is described as a privilege escalation from ring 0 (OS kernel) to ring -2, the most privileged execution mode on a computer.

“This hardware-level issue has gone unnoticed for nearly two decades (possibly longer) and likely encompasses hundreds of millions of laptops, desktops, and servers,” IOActive said in an announcement shared with CSO. “IOActive’s researchers say this vulnerability is nearly impossible to fix in computers that aren’t configured correctly — which is the case for most systems.”

Bypassing SMM mode locks

SMM is an operating mode of the CPU where normal execution is suspended and the processor executes special firmware code inside protected memory that should only be accessible from this mode. SMM is called during a computer’s early boot process from the UEFI firmware to load proprietary drivers and chipset configurations or to configure features such as power management. It is then supposed to be locked when UEFI and OS bootloaders subsequently take over.

When a CPU hasn’t entered into SMM, the memory controller no longer allows access to SMRAM, the special region of physical memory allocated to the SMM. However, IOActive researchers found a way to bypass this lock by taking advantage of certain MSR registers that AMD CPUs provide and that are accessible from ring 0 and are not read-only even when the SmmLock bit is set.

“Improper validation in a model specific register (MSR) could allow a malicious program with ring 0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution,” AMD wrote in an advisory published Friday.

Deploying low-level malware implants

Once an attacker manages to execute malicious code inside the SMM they could potentially inject a persistent malware implant inside the UEFI, but this depends on the platform’s configuration, as UEFI can have additional protections such as AMD’s ROM Armor, which controls access to the SPI flash memory where UEFI is stored.

However, ROM Armor is a newer feature and does not exist in most computers impacted by the vulnerability. Another feature that could prevent malware inside the UEFI is Platform Secure Boot, which establishes a cryptographic chain of trust for UEFI firmware code; but this is not present or enabled in all systems either.

Even if these features are enabled, attackers could at the least break Secure Boot, which is meant to protect the integrity of the OS boot process and only allow signed bootloaders to execute. By defeating Secure Boot, attackers can deploy a boot-level rootkit, or bootkit, that will execute before the OS kernel starts and take control over the entire system, being able to hide processes and files from any OS-level endpoint security product.

The researchers also point out that Platform Boot Security can be disabled permanently once a system is compromised, leaving it vulnerable to firmware implants forever.

Mitigations

AMD has released CPU microcode updates for a wide range of impacted CPUs, but not all of them, because some have reached end-of-life. For example, no fix is planned for ​​AMD Ryzen 3000 Series Desktop Processors. Also, some embedded CPUs have an expected patch release date in October.

CPU microcode updates can be applied by the OS early in the boot process, but this is not a persistent fix. The more permanent fix is for motherboard vendors to issue UEFI firmware updates that contain the new microcode. However, considering how long this vulnerability has existed, many motherboards in computers with AMD CPUs might have reached end-of-life and will no longer get firmware updates.