
20-year-old hardware defect found in AMD chips


20-year-old hardware defect found in AMD chips

Researchers from IOActive presented a decades-old vulnerability in AMD processors at the Def Con security conference.

Researchers Enrique Nissim and Krzysztof Okupski explained that the vulnerability could allow an attacker to disable critical memory protection features in the Ryzen and Epyc CPU lines. An attacker who already holds an administrator account could use it to reach the firmware level, giving a local attacker virtually complete control over the target system’s firmware.

(For current Black Hat USA coverage from SC Media, Security Weekly, and CyberRisk TV, visit our Black Hat USA 2024 coverage spotlight page.)

The vulnerability, tracked as CVE-2023-31315, is reported to be present in hundreds of server and PC processor series and affects chips up to 20 years old.

The flaw lies in System Management Mode (SMM), a firmware-level state in which the operating system is not running. Normally, AMD chips use a protection feature called SMM Lock to prevent code running locally on the computer from accessing SMM.

The researchers at IOActive found that the SMM Lock protection can be bypassed under certain conditions. When it is, an attacker with ring-0 privileges (i.e. administrator level) could enter the machine’s “god mode”.

Technically, the flaw is an elevation of privilege. It should be noted that it cannot be exploited remotely or from a regular user account. If an attacker can access the components required to execute the exploit, they have already effectively compromised the target system.

Where it might come into play, however, is in establishing persistence on the target machine. By being able to execute code in SMM, the attacker can effectively reinstall the operating system with a version of their choosing and regain control even after an administrator has wiped and reinstalled an infected machine.

What’s also notable about the vulnerability is that it is believed to be present in hundreds of AMD processor models. The researchers say that the configurations that exhibit the flaw are widespread in most AMD systems from the last 20 years.

A patch is available for this bug, and both AMD and IOActive advise users and administrators to apply it as soon as possible.
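Because the fix ships as a firmware update rather than an OS patch, the practical defender task is inventory: find the hosts running AMD Ryzen or Epyc parts and check whether their firmware predates the vendor's fixed release. The script below is an added example, not code from IOActive, AMD or this article; it parses text in the layout of Linux `/proc/cpuinfo` and `dmidecode -t bios` (both sample inputs are constructed) and the `PATCH_CUTOFF` date is a placeholder that must be replaced with the release date your board or server vendor lists for the fixed firmware, since the article gives no version numbers.

```python
"""Triage helper for a firmware-level CPU advisory.

Flags hosts whose CPU is an AMD Ryzen/EPYC part and whose BIOS/UEFI release
date is older than a patch cutoff, so they can be queued for the vendor update.
Only the standard library is used.
"""
import re
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed sample: mirrors the field layout of Linux /proc/cpuinfo.
SAMPLE_CPUINFO = """\
processor\t: 0
vendor_id\t: AuthenticAMD
cpu family\t: 23
model\t\t: 113
model name\t: AMD Ryzen 9 3900X 12-Core Processor
"""

# Constructed sample: mirrors the "BIOS Information" block from `dmidecode -t bios`.
SAMPLE_DMIDECODE = """\
# dmidecode 3.3
Handle 0x0000, DMI type 0, 26 bytes
BIOS Information
\tVendor: Example Vendor
\tVersion: 1.23
\tRelease Date: 03/15/2023
"""

# Placeholder (assumption): the release date of the fixed firmware as published
# by the hardware vendor. The article does not give one; substitute your own.
PATCH_CUTOFF = date(2024, 8, 1)


@dataclass
class HostInfo:
    vendor: str
    model_name: str
    bios_version: str
    bios_release: Optional[date]


def parse_cpuinfo(text: str) -> dict:
    """Return the key/value fields of a /proc/cpuinfo block (first CPU only)."""
    fields = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = line.split(":", 1)
        fields.setdefault(key.strip(), value.strip())
    return fields


def parse_bios(text: str) -> tuple:
    """Extract BIOS version and release date (MM/DD/YYYY) from dmidecode output."""
    ver = re.search(r"^\s*Version:\s*(.+?)\s*$", text, re.M)
    rel = re.search(r"Release Date:\s*(\d{2})/(\d{2})/(\d{4})", text)
    release = date(int(rel.group(3)), int(rel.group(1)), int(rel.group(2))) if rel else None
    return (ver.group(1) if ver else "unknown", release)


def collect(cpuinfo_text: str, dmidecode_text: str) -> HostInfo:
    cpu = parse_cpuinfo(cpuinfo_text)
    version, release = parse_bios(dmidecode_text)
    return HostInfo(cpu.get("vendor_id", ""), cpu.get("model name", ""), version, release)


def triage(cpuinfo_text: str, dmidecode_text: str, cutoff: date = PATCH_CUTOFF) -> dict:
    """Decide whether a host needs a firmware update for this advisory."""
    host = collect(cpuinfo_text, dmidecode_text)
    is_amd = host.vendor == "AuthenticAMD"
    # The advisory names the Ryzen and Epyc lines; match on the model string.
    in_scope = is_amd and re.search(r"\b(Ryzen|EPYC)\b", host.model_name, re.I) is not None
    if not in_scope:
        action = "no action for this advisory"
    elif host.bios_release is None:
        action = "verify firmware version against vendor advisory"
    elif host.bios_release < cutoff:
        action = "update firmware"
    else:
        action = "firmware at or after cutoff"
    return {
        "model": host.model_name,
        "bios_version": host.bios_version,
        "bios_release": host.bios_release.isoformat() if host.bios_release else None,
        "in_scope": in_scope,
        "action": action,
    }


if __name__ == "__main__":
    # On a real host, read /proc/cpuinfo and the output of `dmidecode -t bios` instead.
    print(triage(SAMPLE_CPUINFO, SAMPLE_DMIDECODE))
```

The model-string match is deliberately broad: the article says the affected configurations are widespread across AMD systems from the last 20 years, so a host that matches on vendor but not on model name still deserves a manual check rather than being silently dropped from the list.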

Hardware-level bugs are particularly serious because they are difficult to patch, and fixing them often requires disabling key features of the CPU, which can have a significant impact on performance.

Fortunately, the bug appears to have been fixed without any significant impact. Nissim, senior security advisor at IOActive, told CyberRisk Alliance that the AMD patch should not have any noticeable impact on the chip’s performance.
