Vulnerability Disclosure:
Supermicro is addressing a security vulnerability in the H11, H12, and H13 generations of products where it may be possible for an attacker with root access to modify the configuration of System Management Mode (SMM) even when SMM Lock is enabled.
CVE:
- CVE-2022-31315
- Severity: High
Findings:
The AClose and TClose configuration bits of the model-specific register (MSR SMM TSeg Mask) may not be protected by SMM Lock and could be set by the OS kernel before triggering a system management interrupt (SMI).
This behavior could theoretically be exploited by an attacker with ring 0 access to modify SMM configuration, despite SMM Lock being enabled. In this scenario, the researchers believe the CPU will attempt to save its current state in the SMM save-state area which, based on the configuration of AClose and TClose, will decode to memory-mapped I/O (MMIO) space. If this happens, they believe an attacker could take steps to modify the Global Descriptor Table (GDT) and potentially gain arbitrary code execution.
Affected products:
AMD Motherboard Generation | BIOS Version with the fix |
---|---|
H11 - Naples/Rome | v 3.0 |
H12 - Rome/Milan | v 3.0 |
H13 - Genoa | v 1.9 |
H13 - Siena | v 1.2 |

AMD Motherboard | BIOS Version with the fix |
---|---|
M11SDV-4/8C(T)-LN4F | TBD |
M12SWA | TBD |
H13SAE-MF | v 1.3 |
H13SRD-F | v 1.3 |
H13SRE-F | v 1.0 |
H13SRH | v 1.3 |
H13SRA-TF/H13SRA-F | v 1.3 |
Remediation:
- All affected Supermicro motherboard SKUs will require a BIOS update to mitigate this potential vulnerability.
- An updated BIOS firmware has been created to mitigate this potential vulnerability. Supermicro is currently testing and validating affected products. Please check the Release Notes for the resolution.
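
A fleet check against the two tables above, as an added example that is not Supermicro's code: it classifies each host as fixed, needing an update, or on a board whose fix is still TBD. The inventory rows are constructed; the `major.minor` version format with an optional letter suffix and the matching of suffixed `M12SWA` board names are assumptions.

```python
import re

# Fixed BIOS versions copied from the advisory tables. None = fix listed as TBD.
BOARD_FIXES = [  # (board-name regex, fixed version)
    (r"M11SDV-[48]CT?-LN4F", None),
    (r"M12SWA(-\w+)?", None),  # assumption: suffixed variants are included
    (r"H13SAE-MF", "1.3"), (r"H13SRD-F", "1.3"), (r"H13SRE-F", "1.0"),
    (r"H13SRH", "1.3"), (r"H13SRA-T?F", "1.3"),
]
GENERATION_FIXES = {  # (board prefix, CPU family) -> fixed version
    ("H11", "Naples"): "3.0", ("H11", "Rome"): "3.0",
    ("H12", "Rome"): "3.0", ("H12", "Milan"): "3.0",
    ("H13", "Genoa"): "1.9", ("H13", "Siena"): "1.2",
}

def parse_version(text):
    """'v 1.3', '1.3' or '3.0a' -> comparable tuple; None if unparseable."""
    m = re.fullmatch(r"v?\s*(\d+)\.(\d+)([a-z]?)", text.strip(), re.I)
    return (int(m[1]), int(m[2]), m[3].lower()) if m else None

def fixed_version_for(board, family):
    """Return (listed_in_advisory, fixed_version_or_None)."""
    for pattern, fixed in BOARD_FIXES:  # per-board table takes precedence
        if re.fullmatch(pattern, board, re.I):
            return True, fixed
    key = (board[:3].upper(), family.capitalize())
    return (True, GENERATION_FIXES[key]) if key in GENERATION_FIXES else (False, None)

def classify(board, family, bios):
    listed, fixed = fixed_version_for(board.strip(), family.strip())
    if not listed:
        return "not-listed"
    if fixed is None:
        return "no-fix-yet"       # TBD in the advisory: track and re-check
    have = parse_version(bios)
    if have is None:
        return "unknown-version"  # do not guess; inspect the host manually
    return "fixed" if have >= parse_version(fixed) else "needs-update"

# Constructed inventory rows: (host, board, CPU family, installed BIOS version).
INVENTORY = [
    ("db01", "H12SSL-i", "Milan", "2.5"),
    ("web03", "H13SSL-N", "Genoa", "1.9"),
    ("ws17", "H13SRA-TF", "", "1.2"),
    ("edge2", "M11SDV-8CT-LN4F", "", "1.0"),
]

def audit(inventory):
    return {host: classify(b, f, v) for host, b, f, v in inventory}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```
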