CPUsNews

AMD Promises to Fix Firmware Vulnerability by the End of June 2020

In a press release, AMD has acknowledged a potential vulnerability in UEFI motherboard firmware and promised to roll out fixes by the end of June. The security flaw called, “SMM Callout Privilege Escalation” is supposedly present in the AGESA microcode provided by AMD to board partners. It allows an attacker to execute arbitrary code without the OS being aware (via AGESA).

Originally reported by security researcher Danny Odler, the vulnerability exists in the “System Management Mode” (SSM, Ring -2) code that is part of the UEFI image. This is part of the most low-level and privileged code executable on an x86 based processor. It can attack not only the kernel, but the hypervisor as well as any low-level OS component.

As per AMD’s official statement, this flaw affects only certain client and embedded APUs launched between 2016 and 2019. Team Red has already supplied most vendors with the updated AGESA code while the rest are slated to be delivered by June end.

Areej

Computer hardware enthusiast, engineering dropout, and PC gamer. Former co-founder of Techquila (2017-2019), a fairly successful tech outlet. Been working on Hardware Times since 2019, an outlet dedicated to computer hardware and its applications.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button