AMD: Fixes For High-Severity SMM Callout Flaws Upcoming
2020-06-22 15:37

An attacker with physical or privileged access to certain AMD-powered systems could exploit the flaws to execute arbitrary code or take control of the firmware.

AMD, which dubs the flaws "SMM Callout Privilege Escalation" bugs, released a fix for one of the three, CVE-2020-14032, on June 8.

In a security update last week, AMD said it plans to deliver the fixes for the issues by the end of June 2020.

AMD Mini PC was released by AMD in December 2019 as a direct competitor to small form factor computing units, including Intel's NUC and Gigabyte Brix.

"If this level of access is acquired, an attacker could potentially manipulate the AMD Generic Encapsulated Software Architecture to execute arbitrary code undetected by the operating system," said AMD. "AMD believes this only impacts certain client and embedded APU processors launched between 2016 and 2019. AMD has delivered the majority of the updated versions of AGESA to our motherboard partners and plans to deliver the remaining versions by the end of June 2020."


News URL

https://threatpost.com/amd-fixes-for-high-severity-smm-callout-flaws-upcoming/156787/

Related Vulnerability

Date: 2021-07-23
CVE: CVE-2020-14032
Vulnerability title: Improper Privilege Management vulnerability in Asrock Box-R1000 Firmware
Description: ASRock 4x4 BOX-R1000 before BIOS P1.40 allows privilege escalation via code execution in the SMM.
Tags: network, low complexity, asrock, CWE-269
Risk: 7.5