Hundreds of AMD server and PC processor lines over the past two decades have been impacted by a flaw, which could be leveraged to deactivate memory protections, allow privilege escalation to the firmware level, and facilitate total firmware hijacking, according to SC Media.
Such a vulnerability, tracked as CVE-2023-31315, stems from a System Management Mode issue that enables bypassing of protections provided key conditions are met, a study from IOActive researchers presented at this year's DEF CON security conference showed.
Researchers said that command execution in SMM mode would allow threat actors to conduct operating system reinstallations to obtain device control even after a compromised machine is reset.
Organizations using systems with the vulnerability have been urged to immediately apply already available security patches, which IOActive researcher Enrique Nissim said does not adversely affect chip performance, contrary to fixes for other hardware-level security issues.
