Home
Artists
Search Recent Random
Posts
Search DMs Popular Hash Lookup Tags Random
Importer
Import FAQ
Register
Partychan SimpleX Chat ThePornDude
Home Artists Posts Import Register
Join the new SimpleX Chat Group!

High Security AMD Flaws - Threatwire Crosspost (Patreon)

Published:
2020-06-24 18:44:05
Imported:
2023-10

Downloads

Content

By Shannon Morse, Threatwire 

AMD disclosed three high severity flaws in clients and embedded processors that were released between 2016 to 2019, that could allow an attacker to execute malicious code or take control of firmware if they have physical access or had already infected a target to gain privileged access.

These are CVE-2020-14032, 12890, and another with no CVE at time of recording. Only the first has been patched. The last two should be patched by the end of the month. AMD has labeled these as SMM Callout Privilege Escalation bugs that affect AMD software technology that is embedded on motherboards from various manufacturers for use in the UEFI (the unified extensible firmware interface). AMD posted a bulletin about these on the 17th. SMM stands for System Management Mode and sets CPU and chipset configurations as well as motherboard, trusted platform module and power management configs. SMM is part of UEFI on microprocessors made by Intel and AMD, but Intel’s are not vulnerable to the same exploit. The SMM vulnerability exists because it lacks several checks that validate argument strings in code before they are processed.

Security researcher Danny Odler found the issues in April and has published an analysis of the first flaw, though he’ll likely publish more information on the other two once they are patched. According to his analysis, the problems occur on AMD’s Accelerated Processing Unit microprocessors, tested on an AMD Mini PC.  

Even though AMD says this would require physical or privileged access to the machine already, they do recommend keeping devices up to date as soon as manufacturing partners release the patches.

Support me on alternative platforms! https://snubsie.com/support

Shop ThreatWire Merch! - https://snubsie.com/shop

Shop ThreatWire Merch on Teespring! - https://teespring.com/stores/shannons-store-24

Anti-Surveillance Tips From A Hacker - How To Protect Your Phone Data and Not Be Tracked

https://www.youtube.com/watch?v=g1D3fdyU9ZE

http://www.youtube.com/ShannonMorse?sub_confirmation=1  --  subscribe to my tech channel!

ThreatWire is only possible because of our Patreon patrons! https://www.patreon.com/threatwire 

Links:

AMD:

https://threatpost.com/amd-fixes-for-high-severity-smm-callout-flaws-upcoming/156787/

https://www.amd.com/en/corporate/product-security

https://medium.com/@dannyodler/attacking-the-golden-ring-on-amd-mini-pc-b7bfb217b437

https://www.zdnet.com/article/amd-says-it-will-fix-new-cpu-bug-by-the-end-of-june-2020/

Comments

No comments found for this post.