The bug allows malicious software and rogue privileged users with access to the operating system kernel to run code in System Management Mode (SMM), a highly privileged execution environment present in x86 processors from Intel and AMD. SinkClose is unique to AMD.
SMM sits below the kernel and hypervisor, as well as applications, in that the management mode has unrestricted access to and control of the machine. If you can get arbitrary code execution in SMM you can undermine the whole system, doing whatever malicious stuff you want.
Thus if malware or a rogue privileged user can get into SMM, such as by exploiting Sinkclose on AMD machines, they can really take over the box, spy on it, steal data and meddle with it, and infect it.
#amd-processors #cve-2023-31315 #security-vulnerability #system-management-mode #privileged-execution-environment
[
Collection
]
[
|
...
]