SMM Callout Privilege Escalation Vulnerability found to impact AMD APU platforms


AMD has released a statement regarding a newly discovered vulnerability in the company’s client and embedded APU platforms, a security issue that affects products launched between 2016 and 2019.

This vulnerability has been called SMM Callout Privilege Escalation (CVE-2020-12890), an issue which has been found to impact the AMD software that has been supplied to motherboard manufacturers for use with their Unified Extensible Firmware Interface (UEFI) infrastructure. As such, this security flaw can be addressed through a UEFI/BIOS update, seemingly with no negative performance impacts. These new UEFI/AGESA updates will be ready before the end of this month. 

SMM Callout Privilege Escalation was discovered by the security researcher Danny Odler, who found that those with privileged physical or administrative access to affected systems could potentially manipulate the AMD Generic Encapsulated Software Architecture (AGESA) to execute arbitrary code. This attack method is undetectable by the user’s OS.

Note that this is not a Speculative Execution style vulnerability. CVE-2020-12890 is a platform software vulnerability, which AMD has seemingly rectified in its latest AGESA code. The nature of this vulnerability means that it can be addressed with no performance impact, which is great news for users of AMD APUs. 

Below is what AMD has to say about the vulnerability. 

    AMD is aware of new research related to a potential vulnerability in AMD software technology supplied to motherboard manufacturers for use in their Unified Extensible Firmware Interface (UEFI) infrastructure and plans to complete delivery of updated versions designed to mitigate the issue by the end of June 2020.

    The targeted attack described in the research requires privileged physical or administrative access to a system based on select AMD notebook or embedded processors. If this level of access is acquired, an attacker could potentially manipulate the AMD Generic Encapsulated Software Architecture (AGESA) to execute arbitrary code undetected by the operating system.

    AMD believes this only impacts certain client and embedded APU processors launched between 2016 and 2019. AMD has delivered the majority of the updated versions of AGESA to our motherboard partners and plans to deliver the remaining versions by the end of June 2020. AMD recommends following the security best practice of keeping devices up-to-date with the latest patches. End users with questions about whether their system is running on these latest versions should contact their motherboard or original equipment/system manufacturer.

    We thank Danny Odler for his ongoing security research.


You can join the discussion on AMD’s APUs being affected by an SMM Callout Privilege Escalation Vulnerability on the OC3D Forums.