Advisory ID:
BRLY-DVA-2025-005

[BRLY-DVA-2025-005] Multiple SMM memory corruption vulnerabilities in the SMM module on AMI-based devices (SMRAM write)

July 1, 2025
Severity:
High
CVSS Score
8.2
Public Disclosure Date:
July 1, 2025
CVE ID:

Summary

BINARLY REsearch team has discovered multiple memory corruption vulnerabilities in AMI-based device firmware that could allow a potential attacker to write fixed or predictable data to an attacker-controlled address.
Vendors Affected Icon

Vendors Affected

AMI
Affected Products icon

Affected Products

Multiple

Potential Impact

An attacker could exploit this vulnerability to elevate privileges from ring 0 to ring -2 and execute arbitrary code in System Management Mode, an environment more privileged than and completely isolated from the operating system (OS). Running arbitrary code in SMM also bypasses SMM-based SPI flash protections against modification, which can help an attacker to install a firmware backdoor/implant. Such malicious code in the firmware could persist through operating system reinstallations. In addition, this vulnerability could potentially be used by malicious actors to bypass security mechanisms provided by UEFI firmware, such as Secure Boot and some types of memory isolation for hypervisors.

This vulnerability was detected by the Deep Vulnerability Analysis (DVA) component from Binarly Platform

Vulnerability Information

  • BINARLY internal vulnerability identifier: BRLY-DVA-2025-005
  • AMI PSIRT assigned CVE identifier: CVE-2025-33043
  • CVSS v3.1: 8.2 High AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected firmware with confirmed impact by BINARLY team

Device name Firmware version IBV Module name Module GUID Module SHA256
Adlinktech cExpress-KL-LT2 11410 (2024-03-12) AMI MicrocodeUpdate f3331de6-4a55-44e4-b767-7453f7a1a021 6d8b5c96abc542c76ac6f1eb6d4aac4aff215ac1a345f50992e23aeb6dbd56d3
Adlinktech LED-TKN 90210 (2024-03-06) AMI MicrocodeUpdate f3331de6-4a55-44e4-b767-7453f7a1a021 6d8b5c96abc542c76ac6f1eb6d4aac4aff215ac1a345f50992e23aeb6dbd56d3
Dell Latitude 13 3380 1.28.0 (2024-08-19) AMI MicrocodeUpdate f3331de6-4a55-44e4-b767-7453f7a1a021 2b228b2a38932e2250f24ae04e626709026d12f0a52f5a5b86089dabc6221109
Samsung Notebook Odyssey P07REH (2024-03-21) AMI MicrocodeUpdate f3331de6-4a55-44e4-b767-7453f7a1a021 90540da39d846e2c48503c1c9f9c736a94ae345e52b5e19dbabe5daeb3a1a22a
HP 200 G3 F.52 Rev.A (2024-11-26) AMI MicrocodeUpdate f3331de6-4a55-44e4-b767-7453f7a1a021 668d82cf2be8f68b765d28e296fb883e3296128a18a74ec29ee6d2a25cb615b1
HP Z VR Backpack G1 F.45 Rev.A (2024-05-15) AMI MicrocodeUpdate f3331de6-4a55-44e4-b767-7453f7a1a021 ef3833d8a4a9e6e2da42e0b2ee5a54df65091ba22b6d37c625d62b446a3f1ac4
Lenovo ThinkCentre M710q M1AKT59A (2023-11-09) AMI MicrocodeUpdate f3331de6-4a55-44e4-b767-7453f7a1a021 40573d453515b880f94441ae7143424d2446ef04c2a9c88092faaf33aa5334ff
Lenovo thinkcentre-m710s M16KT71A (2023-09-27) AMI MicrocodeUpdate f3331de6-4a55-44e4-b767-7453f7a1a021 8200ee6c8dfb98bdd4a18b34a2ad13575c78aab701aeecf79164c121f90bb012
Lenovo ThinkCentre M710e M1ZKT43A (2024-05-24) AMI MicrocodeUpdate f3331de6-4a55-44e4-b767-7453f7a1a021 feb0945375963ebf001a1d63fe94d53afb83ab5ef516def36066d9603c4b93b9
Lenovo ThinkCentre M910z M1BKT59A (2023-12-12) AMI MicrocodeUpdate f3331de6-4a55-44e4-b767-7453f7a1a021 c9d712d8b18a57b73e0b31750fb2517a995fa6a5517140d5d420be8f39d420a7
Lenovo TS150 81L/B8S (2024-04-22) AMI MicrocodeUpdate f3331de6-4a55-44e4-b767-7453f7a1a021 ff0949400f0858d0c54a495552ce6706728ae47fc81f7a504eba4a347c2010f9

Vulnerability description

Let's consider the module 2b228b2a38932e2250f24ae04e626709026d12f0a52f5a5b86089dabc6221109.

The pseudocode of the vulnerable function is shown below:

EFI_STATUS SwSmiHandler(
        EFI_HANDLE DispatchHandle,
        const void *Context,
        EFI_SMM_SW_CONTEXT *CommBuffer,
        UINTN *CommBufferSize)
{
  UINT8 FuncIndex;
  SMI_UC_DWORD_REGS *Buffer;

  Buffer = 0;
  if ( !gInit )
  {
    gInit = 1;
    gInitError = InitMicrocodeVariables() == 0;
  }
  gEfiSmmCpuProtocol->ReadSaveState(
    gEfiSmmCpuProtocol,
    4,
    EFI_SMM_SAVE_STATE_REGISTER_RSI,
    CommBuffer->SwSmiCpuIndex,
    &Buffer);
  if ( LOWORD(Buffer->EAX) == 0xD042 )
  {
    FuncIndex = Buffer->EBX;
    Buffer->EFLAGS &= ~1; // SMRAM write
    LOWORD(Buffer->EAX) = 0; // SMRAM write
    if ( gInitError || FuncIndex >= 4 )
    {
      Buffer->EFLAGS |= 1; // SMRAM write
      LOWORD(Buffer->EAX) = 0x8600; // SMRAM write
    }
    else
    {
      (gMicrocodeUpdateAPI[FuncIndex])(Buffer);
    }
  }
  return EFI_SUCCESS;
}

As we can see from the pseudocode, Buffer is an attacker-controlled pointer (obtained via EFI_SMM_SAVE_STATE_REGISTER_RSI). Buffer is not validated against overlapping with SMRAM.

Buffer has the following structure:

00000000 struct SMI_UC_DWORD_REGS
00000000 {
00000000     UINT32 EAX;
00000004     UINT32 EBX;
00000008     UINT32 ECX;
0000000C     UINT32 EDX;
00000010     UINT32 ESI;
00000014     UINT32 EDI;
00000018     UINT32 EFLAGS;
0000001C     UINT16 ES;
0000001E     UINT16 CS;
00000020     UINT16 SS;
00000022     UINT16 DS;
00000024     UINT16 FS;
00000026     UINT16 GS;
00000028     UINT32 EBP;
0000002C };

If LOWORD(Buffer->EAX) is equal to 0xD042, unvalidated writes will occur in SwSmiHandler function and in functions from gMicrocodeUpdateAPI table:

.data:0000000000006518 gMicrocodeUpdateAPI dq offset PresenceTest
.data:0000000000006518                                         ; DATA XREF: SwSmiHandler+8B↑o
.data:0000000000006518                                         ; SwSmiHandler+92↑r
.data:0000000000006520                 dq offset WriteUpdateData
.data:0000000000006528                 dq offset UpdateControl
.data:0000000000006530                 dq offset ReadUpdateData
UINT64 PresenceTest(SMI_UC_DWORD_REGS *Regs)
{
  UINT64 NumMcodeBlks;

  // Regs is attacker-controlled

  NumMcodeBlks = gNumMcodeBlks;
  qmemcpy(&Regs->EBX, "ETNIPEPL", 8); // SMRAM write
  LOWORD(Regs->ESI) = NumMcodeBlks; // SMRAM write
  Regs->EDX = 1; // SMRAM write
  return NumMcodeBlks;
}

void UpdateControl(SMI_UC_DWORD_REGS *Regs)
{
  // Regs is attacker-controlled

  LOBYTE(Regs->EBX) = 1; // SMRAM write
}

The check if ( LOWORD(Buffer->EAX) == 0xD042 ) makes it harder to exploit, but does not mitigate the vulnerability, since an attacker can at least write code at the location of the check itself:

.text:000000000000208E 41 BB 42 D0 00                 mov     r11d, 0D042h
.text:000000000000208E 00
.text:0000000000002094 66 44 39 18                    cmp     [rax], r11w

Disclosure timeline

This vulnerability is subject to a 90 day disclosure period. After 90 days or when a patch has been made generally available (whichever comes first) the advisory will be publicly disclosed.

Disclosure Activity Date
AMI PSIRT notified 2025-04-04
AMI PSIRT confirmed issue 2025-04-15
AMI PSIRT assigned a CVE number 2025-04-15
AMI PSIRT provided a public advisory 2025-05-29
BINARLY public disclosure 2025-07-01

Acknowledgements

BINARLY REsearch team

Tags
No items found.
FWHunt
See if you are impacted now with our Firmware Vulnerability Scanner