AMD patches SMM Callout Privilege Escalation bug in its APUs

Posted on Thursday, June 18 2020 @ 14:02 CEST by Thomas De Maesschalck
AMD logo
In a security bulletin on the company's website, AMD warns that some of its client and embedded APUs are vulnerable to a SMM Callout Privilege Escalation (CVE-2020-12890) attack. The vulnerability makes it possible to manipulate the AMD AGESA microcode to execute arbitrary code that can't be detected by the operating system. To achieve this, an attacker needs privileged physical or administrative access to a vulnerable system.

AMD says the bug impacts APUs made between 2016 and 2019. The vulnerability will be patched via an AGESA microcode update, which will be delivered by AMD's motherboard partners by the end of this month. The update reportedly does not have an impact on system performance.
AMD is aware of new research related to a potential vulnerability in AMD software technology supplied to motherboard manufacturers for use in their Unified Extensible Firmware Interface (UEFI) infrastructure and plans to complete delivery of updated versions designed to mitigate the issue by the end of June 2020.

The targeted attack described in the research requires privileged physical or administrative access to a system based on select AMD notebook or embedded processors. If this level of access is acquired, an attacker could potentially manipulate the AMD Generic Encapsulated Software Architecture (AGESA) to execute arbitrary code undetected by the operating system.

AMD believes this only impacts certain client and embedded APU processors launched between 2016 and 2019. AMD has delivered the majority of the updated versions of AGESA to our motherboard partners and plans to deliver the remaining versions by the end of June 2020. AMD recommends following the security best practice of keeping devices up-to-date with the latest patches. End users with questions about whether their system is running on these latest versions should contact their motherboard or original equipment/system manufacturer.

We thank Danny Odler for his ongoing security research.

Loading Comments