Vulnerabilities in AMD EPYC Processors Allow Arbitrary Code Execution

AMD has announced the discovery of six vulnerabilities in EPYC processors of various generations. Some of these “holes” can be used to execute arbitrary code on the attacked system.

The most dangerous are CVE-2023-31342, CVE-2023-31343 and CVE-2023-31345, each rated 7.5 (High) out of 10 on the CVSS scale. All three stem from improper input validation in the SMM (System Management Mode) handler. Successful exploitation of these “holes” allows an attacker to overwrite SMRAM, which can potentially lead to arbitrary code execution.

CVE-2023-31352, with a CVSS rating of 6.0 (Medium), affects AMD SEV (Secure Encrypted Virtualization), the protection mechanism used in virtualization systems. The error allows an attacker to read unencrypted memory, which can lead to the loss of guest data.

CVE-2023-20582, with a CVSS rating of 5.3 (Medium), affects AMD Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP) technology. An attacker can bypass the RMP (Reverse Map Table) check, which can lead to a loss of memory integrity for a virtual machine.

Finally, CVE-2023-20581, with a CVSS rating of 2.5 (Low), is an access control error in the IOMMU (Input/Output Memory Management Unit). A privileged attacker can bypass the RMP check, which leads to the loss of guest memory integrity.

The vulnerabilities affect EPYC Milan and Milan-X, EPYC Genoa and Genoa-X, and EPYC Bergamo and Siena processors. The necessary fixes have already been released; applying them requires a firmware update.

It is also worth noting that a dangerous vulnerability in microcode signature verification was previously identified in AMD processors based on the Zen 1 through Zen 4 architectures. Successful exploitation of this “hole” can lead to a loss of privacy protection.

admin
