AMD: Fixes For High-Severity SMM Callout Flaws Upcoming
An attacker with physical or privileged access to certain AMD-powered systems could exploit the flaws to execute arbitrary code or take control of the firmware.
AMD, which dubs the flaws "SMM Callout Privilege Escalation" bugs, released a fix for one of the three, CVE-2020-14032, on June 8.
In a security update last week, AMD said it plans to deliver the fixes for the issues by the end of June 2020.
AMD Mini PC was released by AMD in December 2019 as a direct competitor to small form factor computing units, including Intel's NUC and Gigabyte Brix.
"If this level of access is acquired, an attacker could potentially manipulate the AMD Generic Encapsulated Software Architecture to execute arbitrary code undetected by the operating system," said AMD. "AMD believes this only impacts certain client and embedded APU processors launched between 2016 and 2019. AMD has delivered the majority of the updated versions of AGESA to our motherboard partners and plans to deliver the remaining versions by the end of June 2020."
News URL
https://threatpost.com/amd-fixes-for-high-severity-smm-callout-flaws-upcoming/156787/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-23 | CVE-2020-14032 | Improper Privilege Management vulnerability in Asrock Box-R1000 Firmware ASRock 4x4 BOX-R1000 before BIOS P1.40 allows privilege escalation via code execution in the SMM. | 9.8 |