CVE-2025-62864
📋 TL;DR
This vulnerability allows attackers to execute arbitrary code in the UEFI-MM Secure Partition context through an out-of-bounds write via a malformed SMC call. It affects AmpereOne AC03, AC04, and M series devices running vulnerable firmware versions. Attackers could potentially gain elevated privileges and compromise system integrity.
💻 Affected Systems
- AmpereOne AC03 devices
- AmpereOne AC04 devices
- AmpereOne M devices
📦 What is this software?
Ampereone A128 34x Firmware by Amperecomputing
Ampereone A144 24x Firmware by Amperecomputing
Ampereone A144 26m Firmware by Amperecomputing
Ampereone A144 27x Firmware by Amperecomputing
Ampereone A144 33m Firmware by Amperecomputing
Ampereone A160 28m Firmware by Amperecomputing
Ampereone A160 28x Firmware by Amperecomputing
Ampereone A192 26m Firmware by Amperecomputing
Ampereone A192 26x Firmware by Amperecomputing
Ampereone A192 26x Firmware by Amperecomputing
Ampereone A192 32m Firmware by Amperecomputing
Ampereone A192 32x Firmware by Amperecomputing
Ampereone A96 36m Firmware by Amperecomputing
Ampereone A96 36x Firmware by Amperecomputing
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise allowing attackers to execute arbitrary code with highest privileges, potentially installing persistent firmware-level malware or exfiltrating sensitive data.
Likely Case
Privilege escalation allowing attackers to bypass security controls, access protected memory regions, and potentially gain control over the secure partition.
If Mitigated
Limited impact if proper firmware validation and secure boot are enforced, though the vulnerability still presents a significant security risk.
🎯 Exploit Status
Exploitation requires ability to make SMC calls, typically requiring some level of system access. No public exploits currently available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: AC03: 3.5.9.3, AC04: 4.4.5.2, M devices: 5.4.5.1
Vendor Advisory: https://amperecomputing.com/products/security-bulletins/amp-sb-0007
Restart Required: Yes
Instructions:
1. Download firmware update from Ampere support portal
2. Verify firmware integrity using provided checksums
3. Follow Ampere's firmware update procedures
4. Reboot system to apply firmware update
5. Verify successful update using version check commands
🔧 Temporary Workarounds
Restrict SMC call access
linuxImplement access controls to restrict which processes can make SMC calls
# Configure SELinux/AppArmor policies to restrict SMC access
# Implement kernel module restrictions
🧯 If You Can't Patch
- Implement strict access controls and monitoring for SMC calls
- Isolate affected systems in segmented network zones with limited trust
🔍 How to Verify
Check if Vulnerable:
Check firmware version using dmidecode or vendor-specific tools and compare against vulnerable versionsCheck Version:
dmidecode -t bios | grep VersionVerify Fix Applied:
Verify firmware version matches or exceeds patched versions: AC03 >= 3.5.9.3, AC04 >= 4.4.5.2, M devices >= 5.4.5.1📡 Detection & Monitoring
Log Indicators:
- Unusual SMC call patterns in system logs
- Failed firmware integrity checks
- Unexpected secure partition access attempts
Network Indicators:
- Unusual outbound connections from affected systems
- Anomalous firmware-related network traffic
SIEM Query:
source="system_logs" AND ("SMC" OR "MMCommunicate") AND severity=HIGH