VYPR
High severity 7.5 · NVD Advisory · Published Aug 12, 2024 · Updated Apr 15, 2026

CVE-2023-31315


Description

Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An MSR validation flaw in AMD processors lets attackers with kernel access bypass SMM Lock and achieve arbitrary code execution in System Management Mode.

Vulnerability Details

The vulnerability lies in improper validation of a model-specific register (MSR) on AMD processors. A malicious program already possessing ring0 (kernel-level) access can exploit this flaw to modify System Management Mode (SMM) configuration even when the SMM Lock feature, designed to prevent unauthorized SMM changes, is enabled. This bug has been present in AMD hardware for nearly two decades, affecting EPYC data center, Ryzen PC, and embedded processors [1][2].

Exploitation Conditions

An attacker must first achieve ring0 access on an affected system, typically through a separate kernel compromise or by running code with elevated privileges. With that foothold, the attacker can manipulate the MSR to alter SMM memory or settings, bypassing the hardware-enforced SMM Lock. The attack is particularly potent on improperly configured systems, which represent the majority of real-world deployments [2].

Impact

Successful exploitation allows arbitrary code execution within SMM, a CPU mode more privileged than the kernel (often referred to as "ring -2"). Code running in SMM is invisible to the operating system and most security tools, enabling attackers to implant persistent bootkits or malware that survive OS reinstallation and conventional antivirus detection. Researchers from IOActive, who discovered the flaw, described it as creating malware that is "nearly impossible to remove" [2].

Mitigation Status

AMD has released firmware updates for affected processors to address CVE-2023-31315. Users and organizations should apply vendor-supplied BIOS/UEFI updates for AMD EPYC, Ryzen, and embedded product lines. Systems that are not updated remain vulnerable, especially if they lack proper SMM configuration. The vulnerability is not considered easily patchable in systems with incorrect SMM settings [1][2].

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 28

Patches: 0. No patches discovered yet.


References: 4
