Bug 2181334 (AMD-SN-4003, CVE-2023-20555)

Summary: CVE-2023-20555 hw: AMD: SMM Memory Corruption Vulnerability
Product: [Other] Security Response Reporter: Rohit Keshri <rkeshri>
Component: vulnerabilityAssignee: Nobody <nobody>
Status: NEW --- QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: acaringi, allarkin, bhu, chwhite, crwood, dbohanno, ddepaula, debarbos, dvlasenk, ezulian, hkrzesin, jarod, jdenham, jfaracco, jferlan, jforbes, jlelli, joe.lawrence, jshortt, jstancek, jwyatt, kcarcia, ldoskova, lgoncalv, lzampier, nmurray, ptalbert, qzhao, rrobaina, rvrbovsk, rysulliv, scweaver, security-response-team, tglozar, tyberry, walters, wcosta, williams, wmealing, ycote
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in hw. Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer, potentially leading to arbitrary code execution in SMM.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2180682    

Description Rohit Keshri 2023-03-23 17:49:44 UTC 
The Binarly efiXplorer team made AMD aware of a potential vulnerability in a display feature component in Client products (CpmDisplayFeatureSMM) where an attacker can rewrite a controlled pointer to point to SMRAM resulting in a one bit overwrite of SMRAM.

Although this vulnerability could have high impact if exploited, AMD believes an attacker may have difficulty carrying out a meaningful attack since the vulnerability allows an attacker to manipulate only a single bit value in SMRAM.

Reference:
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-4003