AMD Security Bulletin AMD-SB-7014, August 2024

Vulnerability Disclosure:

Supermicro is addressing the security vulnerability in H11, H12, and H13 generations of products where it may be possible for an attacker with root access to modify the configuration of System Management Mode (SMM) even when SMM Lock is enabled.

CVE:

  • CVE-2022-31315
    • Severity: High

Findings:

The AClose and TClose configuration bits of the model-specific register (MSR SMM TSeg Mask) may not be protected by SMM Lock and could be set by the OS kernel before triggering a system management interrupt (SMI).

This behavior could theoretically be exploited by an attacker with ring0 access to modify SMM configuration, despite SMM Lock being enabled. In this scenario, the researchers believe the CPU will attempt to save its current state in the SMM save-state area which, based on the configuration of AClose and TClose, will decode to memory-mapped I/O (MMIO) space. If this happens, they believe an attacker could take steps to modify the Global Descriptor Table (GDT) and potentially gain arbitrary code execution.

Affected products:

Server Products

| AMD Motherboard Generation | BIOS Version with the fix |
|---|---|
| H11 - Naples/Rome | v 3.0 |
| H12 - Rome/Milan | v 3.0 |
| H13 - Genoa | v 1.9 |
| H13 - Siena | v 1.2 |

Client Products

| AMD Motherboard | BIOS Version with the fix |
|---|---|
| M11SDV-4/8C(T)-LN4F | TBD |
| M12SWA | TBD |
| H13SAE-MF | v 1.3 |
| H13SRD-F | v 1.3 |
| H13SRE-F | v 1.0 |
| H13SRH | v 1.3 |
| H13SRA-TF/H13SRA-F | v 1.3 |

Remediation:

  • All affected Supermicro motherboard SKUs will require a BIOS update to mitigate this potential vulnerability.
  • An updated BIOS firmware has been created to mitigate this potential vulnerability. Supermicro is currently testing and validating affected products. Please check the Release Notes for the resolution.