Advisory 2024-1662 - AMD Processor: Vulnerability allows code in System Management Mode (SMM)

Operating System

• Sonstiges
• UNIX
• Windows

Software

• AMD Prozessor
• Dell PowerEdge
• HPE ProLiant Gen10 < v3.10_05-16-2024
• HPE ProLiant Gen11 < v1.64_06-19-2024
• UPDATE 2024-08-14
• Lenovo Computer
• Oracle Linux
• UPDATE 2024-08-15
• SUSE Linux
• UPDATE 2024-08-21
• Amazon Linux 2
• UPDATE 2024-08-29
• Red Hat Enterprise Linux
• UPDATE 2024-09-10
• Fedora Linux
• UPDATE 2024-10-09
• Dell Computer
• UPDATE 2024-10-21
• Ubuntu Linux
• UPDATE 2024-12-12
• HP Computer SimpliVity Server

Attack

A local attacker can exploit a vulnerability in AMD Prozessor, Dell PowerEdge and HPE ProLiant in order to execute arbitrary code.

Description

Processors are the central processing units of a computer. PowerEdge is the brand name for servers from Dell ProLiant is a server line from Hewlett Packard Enterprise.

There is a vulnerability in AMD Prozessor, that affects several Dell PowerEdge and HPE ProLiant products. This flaw exists due to improper validation in a model-specific register (MSR), which allows an attacker with ring 0 access to modify the System Management Mode (SMM) configuration even if SMM Lock is enabled. A local attacker can exploit this vulnerability to execute arbitrary code in System Management Mode (SMM).

Recommendation

AMD provides updates. Please update your installation and see the vendor's advisory to find the proper version suitable for your environment.
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html
https://www.dell.com/support/kbdoc/de-de/000227665/dsa-2024-344-security-update-for-dell-amd-based-poweredge-server-vulnerabilities
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04676en_us

UPDATE 2024-08-14

Oracle Linux provides updates. Please update your installation and see the vendor's advisory to find the proper version suitable for your environment.
https://oss.oracle.com/pipermail/el-errata/2024-August/016159.html
http://linux.oracle.com/errata/ELSA-2024-12579.html
http://linux.oracle.com/errata/ELSA-2024-12578.html

LENOVO provides updates. Please update your installation and see the vendor's advisory to find the proper version suitable for your environment.
https://support.lenovo.com/us/en/product_security/LEN-164067

UPDATE 2024-08-15

SUSE provides updates. Please update your installation and see the vendor's advisory to find the proper version suitable for your environment.
https://lists.suse.com/pipermail/sle-security-updates/2024-August/019197.html

UPDATE 2024-08-19
https://lists.suse.com/pipermail/sle-security-updates/2024-August/019215.html
https://lists.suse.com/pipermail/sle-security-updates/2024-August/019214.html

UPDATE 2024-08-21

Amazon provides updates. Please update your installation and see the vendor's advisory to find the proper version suitable for your environment.
https://alas.aws.amazon.com/AL2/ALAS-2024-2626.html

SUSE provides updates. Please update your installation and see the vendor's advisory to find the proper version suitable for your environment.
https://lists.suse.com/pipermail/sle-security-updates/2024-August/019288.html

UPDATE 2024-08-29

Red Hat provides updates. Please update your installation and see the vendor's advisory to find the proper version suitable for your environment.
https://access.redhat.com/errata/RHSA-2024:5978
https://access.redhat.com/errata/RHSA-2024:5982
https://access.redhat.com/errata/RHSA-2024:5980

UPDATE 2024-09-03

SUSE provides updates. Please update your installation and see the vendor's advisory to find the proper version suitable for your environment.
https://lists.suse.com/pipermail/sle-security-updates/2024-September/019335.html

UPDATE 2024-09-10

Fedora provides updates. Please update your installation and see the vendor's advisory to find the proper version suitable for your environment.
https://bodhi.fedoraproject.org/updates/FEDORA-2024-3cd42e9e29
https://bodhi.fedoraproject.org/updates/FEDORA-2024-f32e633786
https://bodhi.fedoraproject.org/updates/FEDORA-2024-3dbf10c949

UPDATE 2024-10-09

Dell provides updates. Please update your installation and see the vendor's advisory to find the proper version suitable for your environment.
https://www.dell.com/support/kbdoc/de-de/000227593/dsa-2024-353

UPDATE 2024-10-21

Ubuntu provides updates. Please update your installation and see the vendor's advisory to find the proper version suitable for your environment.
https://ubuntu.com/security/notices/USN-7077-1

UPDATE 2024-12-09

SUSE provides updates. Please update your installation and see the vendor's advisory to find the proper version suitable for your environment.
https://lists.suse.com/pipermail/sle-security-updates/2024-December/019965.html

UPDATE 2024-12-12

HPE provides updates. Please update your installation and see the vendor's advisory to find the proper version suitable for your environment.
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04686en_us&docLocale=en_US

Information

AMS Security Bulletin dated 2024-08-11
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html

Dell Security Update dated 2024-08-11
https://www.dell.com/support/kbdoc/de-de/000227665/dsa-2024-344-security-update-for-dell-amd-based-poweredge-server-vulnerabilities

HPE Security Bulletin dated 2024-08-11
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04676en_us

Oracle Linux Security Advisory ELSA-2024-12580 dated 2024-08-13
https://oss.oracle.com/pipermail/el-errata/2024-August/016159.html

Oracle Linux Security Advisory ELSA-2024-12579 dated 2024-08-13
http://linux.oracle.com/errata/ELSA-2024-12579.html

Oracle Linux Security Advisory ELSA-2024-12578 dated 2024-08-13
http://linux.oracle.com/errata/ELSA-2024-12578.html

Lenovo Security Advisory LEN-164067 dated 2024-08-14
https://support.lenovo.com/us/en/product_security/LEN-164067

SUSE Security Update SUSE-SU-2024:2911-1 dated 2024-08-14
https://lists.suse.com/pipermail/sle-security-updates/2024-August/019197.html

SUSE Security Update SUSE-SU-2024:2943-1 dated 2024-08-16
https://lists.suse.com/pipermail/sle-security-updates/2024-August/019215.html

SUSE Security Update SUSE-SU-2024:2944-1 dated 2024-08-16
https://lists.suse.com/pipermail/sle-security-updates/2024-August/019214.html

Amazon Linux Security Advisory ALAS-2024-2626 dated 2024-08-21
https://alas.aws.amazon.com/AL2/ALAS-2024-2626.html

SUSE Security Update SUSE-SU-2024:2980-1 dated 2024-08-20
https://lists.suse.com/pipermail/sle-security-updates/2024-August/019288.html

Red Hat Security Advisory RHSA-2024:5978 dated 2024-08-29
https://access.redhat.com/errata/RHSA-2024:5978

Red Hat Security Advisory RHSA-2024:5982 dated 2024-08-29
https://access.redhat.com/errata/RHSA-2024:5982

Red Hat Security Advisory RHSA-2024:5980 dated 2024-08-29
https://access.redhat.com/errata/RHSA-2024:5980

SUSE Security Update SUSE-SU-2024:3081-1 dated 2024-09-02
https://lists.suse.com/pipermail/sle-security-updates/2024-September/019335.html

Fedora Security Advisory FEDORA-2024-3CD42E9E29 dated 2024-09-09
https://bodhi.fedoraproject.org/updates/FEDORA-2024-3cd42e9e29

Fedora Security Advisory FEDORA-2024-F32E633786 dated 2024-09-09
https://bodhi.fedoraproject.org/updates/FEDORA-2024-f32e633786

Fedora Security Advisory FEDORA-2024-3DBF10C949 dated 2024-09-09
https://bodhi.fedoraproject.org/updates/FEDORA-2024-3dbf10c949

Dell Security Advisory DSA-2024-353 dated 2024-10-08
https://www.dell.com/support/kbdoc/de-de/000227593/dsa-2024-353

Ubuntu Security Notice USN-7077-1 dated 2024-10-21
https://ubuntu.com/security/notices/USN-7077-1

SUSE Security Update SUSE-SU-2024:4255-1 dated 2024-12-06
https://lists.suse.com/pipermail/sle-security-updates/2024-December/019965.html

HPE Security Bulletin dated 2024-12-11
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04686en_us&docLocale=en_US