AMD Extends Security Patch for RYZEN 3000, Addressing Critical SMM Vulnerability

AMD RYZEN 3000 security

Earlier, security researchers discovered a critical vulnerability (CVE-2023-31315, CVSS 7.5) in AMD processors, located within the System Management Mode (SMM) of the processor, which allows attackers to execute arbitrary code in SMM.

Because this code is executed at the processor level, antivirus software operating at the OS level is nearly incapable of detecting the attack, or even if detected, unable to remove the malicious code or defend against it. Even reinstalling the operating system would not remove the malicious code, as it resides outside the OS.

The bad news is that the severity of this vulnerability is extremely high, posing serious security risks. However, the good news is that exploiting this vulnerability is equally difficult; attackers must first use a combination of different vulnerabilities to gain access to the computer’s kernel before they can exploit the SMM vulnerability.

These vulnerabilities affect all AMD processors released since 2006. However, due to the age of the RYZEN 1000/2000/3000 series, AMD has decided not to provide security patches for these processors.

Now, AMD has updated its security advisory to include support for RYZEN 3000 series desktop processors. The relevant security updates will be released within the next few days, allowing users to address the vulnerability through a firmware update.

Other versions of the RYZEN 3000 series, such as Threadripper, EPYC, RYZEN 3000 mobile versions, and RYZEN 3000/4000 APUs, are also included in the scope of the fixes. These firmware updates have already been released or will be available very soon.

Those interested in security can visit AMD’s advisory page, where a list of all products eligible for updates and their corresponding microcode versions is provided.

Related Posts: