Vulnerabilities in AMD and Intel processors

AMD has announced fixes for 22 vulnerabilities in the first, second and third generations of AMD EPYC server processors that could compromise the operation of the PSP (Platform Security Processor), SMU (System Management Unit) and SEV (Secure Encrypted Virtualization) technologies. 6 of the issues were identified in 2020 and 16 in 2021. 11 of the vulnerabilities were found during internal security research by Google, 6 by Oracle and 5 by Microsoft.

For hardware OEMs, updated AGESA (AMD Generic Encapsulated Software Architecture) firmware packages have been released that work around the problems. Vendors such as HP, Dell, Supermicro and Lenovo have already released BIOS and UEFI firmware updates for their server systems.

4 of the vulnerabilities are categorized as dangerous (details have not yet been disclosed):

  • CVE-2020-12954 - Ability to bypass the SPI ROM protection mechanisms by manipulating certain internal chipset settings. The vulnerability allows an attacker to modify the SPI flash in order to inject malicious code or rootkits that are invisible to the operating system.
  • CVE-2020-12961 - A vulnerability in the PSP (AMD Security Processor), which runs a secure isolated environment inaccessible from the main OS, allows an attacker to reset any privileged processor register in the SMN (System Management Network) and bypass the SPI ROM protection.
  • CVE-2021-26331 - A bug in the SMU (System Management Unit) subsystem integrated into the processor, which manages power consumption, voltage and temperature, allows an unprivileged user to execute their code with elevated privileges.
  • CVE-2021-26335 - Incorrect validation of input data in the code loader of the PSP allows attacker-controlled values to be applied at the stage before digital signature verification, leading to execution of the attacker's code in the PSP.

Separately, a fix is noted for a vulnerability (CVE-2021-26334) in the AMD μProf toolkit, which is also shipped for Linux and FreeBSD and is used to analyze performance and power consumption. The problem is present in the AMDPowerProfiler driver and allows an unprivileged user to gain access to MSRs (Model-Specific Registers) in order to execute their code at the zero protection ring (ring-0). The vulnerability has been fixed in amduprof-3.4-502 for Linux and AMDuProf-3.4.494 for Windows.

Meanwhile, Intel has published its quarterly report on vulnerabilities in its products, highlighting the following issues:

  • CVE-2021-0146 - A vulnerability in Intel Pentium, Celeron and Atom processors for mobile and desktop systems that allows a user with physical access to the hardware to escalate privileges by activating debug modes.
  • CVE-2021-0157, CVE-2021-0158 - Vulnerabilities in the BIOS reference code supplied for initializing Intel Xeon (E/W/Scalable), Core (7th/10th/11th gen), Celeron (N) and Pentium Silver processors. The problems are caused by incorrect input validation or incorrect flow control in the BIOS firmware and allow privilege escalation given local access.

Source: opennet.ru