AMD SMM Callout Privilege Escalation Detected

AMD disclosed information on a vulnerability.  The issue resides certain client- and APU processors launched between 2016 and 2019 and invokes an SMM Callout Privilege Escalation Vulnerability, discovered by Danny Odler, and chronicled under CVE-2020-12890.

In short, the vulnerability involves an attacker with elevated system privileges to manipulate the AGESA microcode of the UEFI firmware to execute arbitrary code undetected by the operating system. AMD will be releasing AGESA updates that mitigate the vulnerability which will not affect performance in any way. It seems the latest platforms are already immune to the vulnerability. Here's AMD on the topic:

SMM Callout Privilege Escalation (CVE-2020-12890)

AMD is aware of new research related to a potential vulnerability in AMD software technology supplied to motherboard manufacturers for use in their Unified Extensible Firmware Interface (UEFI) infrastructure and plans to complete delivery of updated versions designed to mitigate the issue by the end of June 2020.

The targeted attack described in the research requires privileged physical or administrative access to a system based on select AMD notebook or embedded processors. If this level of access is acquired, an attacker could potentially manipulate the AMD Generic Encapsulated Software Architecture (AGESA) to execute arbitrary code undetected by the operating system.

AMD believes this only impacts certain client and embedded APU processors launched between 2016 and 2019. AMD has delivered the majority of the updated versions of AGESA to our motherboard partners and plans to deliver the remaining versions by the end of June 2020. AMD recommends following the security best practice of keeping devices up-to-date with the latest patches. End users with questions about whether their system is running on these latest versions should contact their motherboard or original equipment/system manufacturer.

We thank Danny Odler for his ongoing security research.

AMD SMM Callout Privilege Escalation Detected

Printed from: