CPUsNews

AMD Promises to Fix Firmware Vulnerability by the End of June 2020

In a press release, AMD has acknowledged a potential vulnerability in UEFI motherboard firmware and promised to roll out fixes by the end of June. The security flaw called, “SMM Callout Privilege Escalation” is supposedly present in the AGESA microcode provided by AMD to board partners. It allows an attacker to execute arbitrary code without the OS being aware (via AGESA).

Originally reported by security researcher Danny Odler, the vulnerability exists in the “System Management Mode” (SSM, Ring -2) code that is part of the UEFI image. This is part of the most low-level and privileged code executable on an x86 based processor. It can attack not only the kernel, but the hypervisor as well as any low-level OS component.

As per AMD’s official statement, this flaw affects only certain client and embedded APUs launched between 2016 and 2019. Team Red has already supplied most vendors with the updated AGESA code while the rest are slated to be delivered by June end.

Areej

Computer Engineering dropout (3 years), writer, journalist, and amateur poet. I started Techquila while in college to address my hardware passion. Although largely successful, it suffered from many internal weaknesses. Left and now working on Hardware Times, a site purely dedicated to. Processor architectures and in-depth benchmarks. That's what we do here at Hardware Times!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button