• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

New SMM Callout Privilege Escalation Vulnerability Affects AMD Platforms

btarunr

Editor & Senior Moderator
Staff member
Joined
Oct 9, 2007
Messages
47,194 (7.56/day)
Location
Hyderabad, India
System Name RBMK-1000
Processor AMD Ryzen 7 5700G
Motherboard ASUS ROG Strix B450-E Gaming
Cooling DeepCool Gammax L240 V2
Memory 2x 8GB G.Skill Sniper X
Video Card(s) Palit GeForce RTX 2080 SUPER GameRock
Storage Western Digital Black NVMe 512GB
Display(s) BenQ 1440p 60 Hz 27-inch
Case Corsair Carbide 100R
Audio Device(s) ASUS SupremeFX S1220A
Power Supply Cooler Master MWE Gold 650W
Mouse ASUS ROG Strix Impact
Keyboard Gamdias Hermes E2
Software Windows 11 Pro
AMD on Wednesday disclosed a new security vulnerability affecting certain client- and APU processors launched between 2016 and 2019. Called the SMM Callout Privilege Escalation Vulnerability, discovered by Danny Odler, and chronicled under CVE-2020-12890, the vulnerability involves an attacker with elevated system privileges to manipulate the AGESA microcode encapsulated in the platform's UEFI firmware to execute arbitrary code undetected by the operating system. AMD plans to release AGESA updates that mitigate the vulnerability (at no apparent performance impact), to motherboard vendors and OEMs by the end of June 2020. Some of the latest platforms are already immune to the vulnerability.



A statement by AMD follows.
AMD is aware of new research related to a potential vulnerability in AMD software technology supplied to motherboard manufacturers for use in their Unified Extensible Firmware Interface (UEFI) infrastructure and plans to complete delivery of updated versions designed to mitigate the issue by the end of June 2020.

The targeted attack described in the research requires privileged physical or administrative access to a system based on select AMD notebook or embedded processors. If this level of access is acquired, an attacker could potentially manipulate the AMD Generic Encapsulated Software Architecture (AGESA) to execute arbitrary code undetected by the operating system.

AMD believes this only impacts certain client and embedded APU processors launched between 2016 and 2019. AMD has delivered the majority of the updated versions of AGESA to our motherboard partners and plans to deliver the remaining versions by the end of June 2020. AMD recommends following the security best practice of keeping devices up-to-date with the latest patches. End users with questions about whether their system is running on these latest versions should contact their motherboard or original equipment/system manufacturer.

We thank Danny Odler for his ongoing security research.

View at TechPowerUp Main Site
 
Joined
Jun 5, 2009
Messages
214 (0.04/day)
Location
Germany
System Name Steam Deck LCD | AluMaster
Processor AMD Van Gogh 4-Core 8-Threads | Core i7 5820k @ 4.5GHz
Motherboard Stock | GB G1 X99 Gaming
Cooling Stock + MX4 Thermal Paste | Thermalright Macho + 2x Arctic Cooling P12
Memory 16GB DDR5 5500 | 32GB DDR4 2133
Video Card(s) AMD Van Gogh 8 CUs | RTX 3060 Ti Undervolt + OC @ 120W
Storage 512GB NVMe + 512GB MicroSD | 512GB M.2 NVMe + 480GB SATA SSD
Display(s) 7" 800p (Deck) | LG 34" Ultrawide + 27" both 75Hz | 58" UHD TV
Case Stock + Airflow Backplate (5C less and a lot less noise) | Jonsbo RM2 Alu ATX 20L
Audio Device(s) Jabra Elite 65T Bluetooth Headphones
Power Supply Stock | FSP 500W SFX
Mouse Logitech MX-Master 3 Bluetooth | PS4 controller (because gyro)
Keyboard Logitech MX-Keys Bluetooth
Software SteamOS | Windows 10 IoT
I'm curious to see the performance impact on this one. They promise none, but who knows.
 
Joined
Aug 6, 2017
Messages
7,412 (2.79/day)
Location
Poland
System Name Purple rain
Processor 10.5 thousand 4.2G 1.1v
Motherboard Zee 490 Aorus Elite
Cooling Noctua D15S
Memory 16GB 4133 CL16-16-16-31 Viper Steel
Video Card(s) RTX 2070 Super Gaming X Trio
Storage SU900 128,8200Pro 1TB,850 Pro 512+256+256,860 Evo 500,XPG950 480, Skyhawk 2TB
Display(s) Acer XB241YU+Dell S2716DG
Case P600S Silent w. Alpenfohn wing boost 3 ARGBT+ fans
Audio Device(s) K612 Pro w. FiiO E10k DAC,W830BT wireless
Power Supply Superflower Leadex Gold 850W
Mouse G903 lightspeed+powerplay,G403 wireless + Steelseries DeX + Roccat rest
Keyboard HyperX Alloy SilverSpeed (w.HyperX wrist rest),Razer Deathstalker
Software Windows 10
Benchmark Scores A LOT
software patch mitigation is better.you can turn it off.
with agesa I don't know,you're gonna have to sneak in that update with newer bios versions.
 
Joined
Jul 13, 2016
Messages
3,262 (1.07/day)
Processor Ryzen 7800X3D
Motherboard ASRock X670E Taichi
Cooling Noctua NH-D15 Chromax
Memory 32GB DDR5 6000 CL30
Video Card(s) MSI RTX 4090 Trio
Storage Too much
Display(s) Acer Predator XB3 27" 240 Hz
Case Thermaltake Core X9
Audio Device(s) Topping DX5, DCA Aeon II
Power Supply Seasonic Prime Titanium 850w
Mouse G305
Keyboard Wooting HE60
VR HMD Valve Index
Software Win 10
I'm curious to see the performance impact on this one. They promise none, but who knows.

Given that this exploit has nothing to do with the way the processor handles data, yeah the performance impact will be 0. It's a security hole that allows the attacker to manipulate AGESA in order to execute code

software patch mitigation is better.you can turn it off.
with agesa I don't know,you're gonna have to sneak in that update with newer bios versions.

You do realize that AGESA runs at a lower level then windows right? Releasing a software update would literally do nothing.
 
Joined
Feb 20, 2019
Messages
8,211 (3.93/day)
System Name Bragging Rights
Processor Atom Z3735F 1.33GHz
Motherboard It has no markings but it's green
Cooling No, it's a 2.2W processor
Memory 2GB DDR3L-1333
Video Card(s) Gen7 Intel HD (4EU @ 311MHz)
Storage 32GB eMMC and 128GB Sandisk Extreme U3
Display(s) 10" IPS 1280x800 60Hz
Case Veddha T2
Audio Device(s) Apparently, yes
Power Supply Samsung 18W 5V fast-charger
Mouse MX Anywhere 2
Keyboard Logitech MX Keys (not Cherry MX at all)
VR HMD Samsung Oddyssey, not that I'd plug it into this though....
Software W10 21H1, barely
Benchmark Scores I once clocked a Celeron-300A to 564MHz on an Abit BE6 and it scored over 9000.
See this, Intel? This is how you deal with security flaws.

The vulnerability was registered a month ago, and AMD are today announcing that new platforms have already been covered in the latest AGESA, with older platforms promised within 6 weeks of the vulnerability initially being brought to light.

Nobody is being asked to sit on it for a year, and then bribed to sit on it for another six months, and then hit by a smear campaign to discredit them after refusal of your second bribery.
 

TheLostSwede

News Editor
Joined
Nov 11, 2004
Messages
17,516 (2.40/day)
Location
Sweden
System Name Overlord Mk MLI
Processor AMD Ryzen 7 7800X3D
Motherboard Gigabyte X670E Aorus Master
Cooling Noctua NH-D15 SE with offsets
Memory 32GB Team T-Create Expert DDR5 6000 MHz @ CL30-34-34-68
Video Card(s) Gainward GeForce RTX 4080 Phantom GS
Storage 1TB Solidigm P44 Pro, 2 TB Corsair MP600 Pro, 2TB Kingston KC3000
Display(s) Acer XV272K LVbmiipruzx 4K@160Hz
Case Fractal Design Torrent Compact
Audio Device(s) Corsair Virtuoso SE
Power Supply be quiet! Pure Power 12 M 850 W
Mouse Logitech G502 Lightspeed
Keyboard Corsair K70 Max
Software Windows 10 Pro
Benchmark Scores https://valid.x86.fr/yfsd9w
See this, Intel? This is how you deal with security flaws.

The vulnerability was registered a month ago, and AMD are today announcing that new platforms have already been covered in the latest AGESA, with older platforms promised within 6 weeks of the vulnerability initially being brought to light.

Nobody is being asked to sit on it for a year, and then bribed to sit on it for another six months, and then hit by a smear campaign to discredit them after refusal of your second bribery.
And AMD even said thanks to the guy who found it...
 
Joined
Jan 11, 2005
Messages
1,491 (0.21/day)
Location
66 feet from the ground
System Name 2nd AMD puppy
Processor FX-8350 vishera
Motherboard Gigabyte GA-970A-UD3
Cooling Cooler Master Hyper TX2
Memory 16 Gb DDR3:8GB Kingston HyperX Beast + 8Gb G.Skill Sniper(by courtesy of tabascosauz &TPU)
Video Card(s) Sapphire RX 580 Nitro+;1450/2000 Mhz
Storage SSD :840 pro 128 Gb;Iridium pro 240Gb ; HDD 2xWD-1Tb
Display(s) Benq XL2730Z 144 Hz freesync
Case NZXT 820 PHANTOM
Audio Device(s) Audigy SE with Logitech Z-5500
Power Supply Riotoro Enigma G2 850W
Mouse Razer copperhead / Gamdias zeus (by courtesy of sneekypeet & TPU)
Keyboard MS Sidewinder x4
Software win10 64bit ltsc
Benchmark Scores irrelevant for me
See this, Intel? This is how you deal with security flaws.

The vulnerability was registered a month ago, and AMD are today announcing that new platforms have already been covered in the latest AGESA, with older platforms promised within 6 weeks of the vulnerability initially being brought to light.

Nobody is being asked to sit on it for a year, and then bribed to sit on it for another six months, and then hit by a smear campaign to discredit them after refusal of your second bribery.

how we really know if amd(or others in the field) din't had covered/bribed security flaws?
 
Joined
Feb 20, 2019
Messages
8,211 (3.93/day)
System Name Bragging Rights
Processor Atom Z3735F 1.33GHz
Motherboard It has no markings but it's green
Cooling No, it's a 2.2W processor
Memory 2GB DDR3L-1333
Video Card(s) Gen7 Intel HD (4EU @ 311MHz)
Storage 32GB eMMC and 128GB Sandisk Extreme U3
Display(s) 10" IPS 1280x800 60Hz
Case Veddha T2
Audio Device(s) Apparently, yes
Power Supply Samsung 18W 5V fast-charger
Mouse MX Anywhere 2
Keyboard Logitech MX Keys (not Cherry MX at all)
VR HMD Samsung Oddyssey, not that I'd plug it into this though....
Software W10 21H1, barely
Benchmark Scores I once clocked a Celeron-300A to 564MHz on an Abit BE6 and it scored over 9000.
how we really know if amd(or others in the field) din't had covered/bribed security flaws?
We don't.

But this instance is being reported by an independent organisation (mitre.org) so I'm not entirely sure what you're getting at....
 
Joined
May 7, 2020
Messages
261 (0.16/day)
''execute arbitrary code undetected by the operating system. ''

Hmm..... I have a sneaking suspicion that unpatched AGESA will come in handy to test the true limit of AMD X86 CPU, if they will actually try to run anything we feed the pipeline.
 

bug

Joined
May 22, 2015
Messages
13,729 (3.97/day)
Processor Intel i5-12600k
Motherboard Asus H670 TUF
Cooling Arctic Freezer 34
Memory 2x16GB DDR4 3600 G.Skill Ripjaws V
Video Card(s) EVGA GTX 1060 SC
Storage 500GB Samsung 970 EVO, 500GB Samsung 850 EVO, 1TB Crucial MX300 and 2TB Crucial MX500
Display(s) Dell U3219Q + HP ZR24w
Case Raijintek Thetis
Audio Device(s) Audioquest Dragonfly Red :D
Power Supply Seasonic 620W M12
Mouse Logitech G502 Proteus Core
Keyboard G.Skill KM780R
Software Arch Linux + Win10
You do realize that AGESA runs at a lower level then windows right? Releasing a software update would literally do nothing.
AGESA is firmware. Operating systems have long had the ability to load more recent firmware versions than what's in the BIOS on startup. It's how one gets updates long after the manufacturer forgets about your model ;)
 

95Viper

Super Moderator
Staff member
Joined
Oct 12, 2008
Messages
12,946 (2.20/day)
Enough of the mossad remarks.
Stay on the topic.
And, remember.... keep it civil !

Have a Good Day and Stay Safe.
 
Joined
Sep 28, 2012
Messages
980 (0.22/day)
System Name Poor Man's PC
Processor waiting for 9800X3D...
Motherboard MSI B650M Mortar WiFi
Cooling Thermalright Phantom Spirit 120 with Arctic P12 Max fan
Memory 32GB GSkill Flare X5 DDR5 6000Mhz
Video Card(s) XFX Merc 310 Radeon RX 7900 XT
Storage XPG Gammix S70 Blade 2TB + 8 TB WD Ultrastar DC HC320
Display(s) Xiaomi G Pro 27i MiniLED + AOC 22BH2M2
Case Asus A21 Case
Audio Device(s) MPow Air Wireless + Mi Soundbar
Power Supply Enermax Revolution DF 650W Gold
Mouse Logitech MX Anywhere 3
Keyboard Logitech Pro X + Kailh box heavy pale blue switch + Durock stabilizers
VR HMD Meta Quest 2
Benchmark Scores Who need bench when everything already fast?
These are fine example from underdog and slow CPU maker, assertive prevention and quick to respond.
Unlike our neighboring , doesn't announce anything and yet their system getting slower each Windows update, fine example my office's notebook i5-8350U is miles slower than Ryzen 3 2200U :wtf:
 
Joined
Feb 27, 2007
Messages
51 (0.01/day)
Location
Huntington, NY
System Name Home PC
Processor AMD Ryzen 7 1700
Motherboard ASRock Fatal1ty X370 Gaming K4 AM4
Cooling AMD Wraith Spire
Memory 16 GB Corsair Vengeance PC3000 DDR4
Video Card(s) PowerColor RED DRAGON Radeon RX Vega 56
Storage Samsung 850 Evo 1TB, Crucial MX300 500GB
Display(s) Dell S2719DGF 1440p
Case Phanteks Enthoo Pro Series PH-ES614P
Audio Device(s) Onboard
Power Supply SeaSonic M12II 620 Bronze
Mouse Logitech G9X
Keyboard Dell
Software Windows 10 Pro
Per the AMD website (https://www.amd.com/en/corporate/product-security)
...requires privileged physical or administrative access to a system based on select AMD notebook or embedded processors. If this level of access is acquired, an attacker could potentially manipulate the AMD Generic Encapsulated Software Architecture (AGESA) to execute arbitrary code undetected by the operating system. :wtf:

The attacker first needs privileged access to the system in order to take advantage of the vulnerability.
 
Joined
Sep 26, 2012
Messages
871 (0.20/day)
Location
Australia
System Name ATHENA
Processor AMD 7950X
Motherboard ASUS Crosshair X670E Extreme
Cooling ASUS ROG Ryujin III 360, 13 x Lian Li P28
Memory 2x32GB Trident Z RGB 6000Mhz CL30
Video Card(s) ASUS 4090 STRIX
Storage 3 x Kingston Fury 4TB, 4 x Samsung 870 QVO
Display(s) Acer X38S, Wacom Cintiq Pro 15
Case Lian Li O11 Dynamic EVO
Audio Device(s) Topping DX9, Fluid FPX7 Fader Pro, Beyerdynamic T1 G2, Beyerdynamic MMX300
Power Supply Seasonic PRIME TX-1600
Mouse Xtrfy MZ1 - Zy' Rail, Logitech MX Vertical, Logitech MX Master 3
Keyboard Logitech G915 TKL
VR HMD Oculus Quest 2
Software Windows 11 + Universal Blue
I'm somewhat concerned that such an elevation of rings is even possible.

Still, its patched (or will be for those on older systems) at no performance cost so whilst questionable, its not the end of the world.
 
Joined
Aug 1, 2016
Messages
32 (0.01/day)
... and almost every time i see such articles there is always something like this
attacker with elevated system privileges
Does it make sense for an attacker with elevated system privileges to attack to begin with???
 
Joined
Jul 25, 2006
Messages
13,068 (1.96/day)
Location
Nebraska, USA
System Name Brightworks Systems BWS-6 E-IV
Processor Intel Core i5-6600 @ 3.9GHz
Motherboard Gigabyte GA-Z170-HD3 Rev 1.0
Cooling Quality case, 2 x Fractal Design 140mm fans, stock CPU HSF
Memory 32GB (4 x 8GB) DDR4 3000 Corsair Vengeance
Video Card(s) EVGA GEForce GTX 1050Ti 4Gb GDDR5
Storage Samsung 850 Pro 256GB SSD, Samsung 860 Evo 500GB SSD
Display(s) Samsung S24E650BW LED x 2
Case Fractal Design Define R4
Power Supply EVGA Supernova 550W G2 Gold
Mouse Logitech M190
Keyboard Microsoft Wireless Comfort 5050
Software W10 Pro 64-bit
... and almost every time i see such articles there is always something like this
attacker with elevated system privileges
No, it is much more than that. You missed the most important part!

Typically, the bad guy must also have physical access to the computer. How likely is it a bad guy will be able to gain access to your home or place of work, sit at your desk, and start messing with your computer (to include inserting thumb drives), bypassing your password/PIN, without someone wondering what is going on?
 
Joined
Jul 9, 2015
Messages
3,413 (1.00/day)
System Name M3401 notebook
Processor 5600H
Motherboard NA
Memory 16GB
Video Card(s) 3050
Storage 500GB SSD
Display(s) 14" OLED screen of the laptop
Software Windows 10
Benchmark Scores 3050 scores good 15-20% lower than average, despite ASUS's claims that it has uber cooling.
A new portion of "AMD too" FUD from the known offenders.
I mean "requires privileged physical or administrative access to a system ", you gotta be kidding me...
 

HTC

Joined
Apr 1, 2008
Messages
4,661 (0.77/day)
Location
Portugal
System Name HTC's System
Processor Ryzen 5 5800X3D
Motherboard Asrock Taichi X370
Cooling NH-C14, with the AM4 mounting kit
Memory G.Skill Kit 16GB DDR4 F4 - 3200 C16D - 16 GTZB
Video Card(s) Sapphire Pulse 6600 8 GB
Storage 1 Samsung NVMe 960 EVO 250 GB + 1 3.5" Seagate IronWolf Pro 6TB 7200RPM 256MB SATA III
Display(s) LG 27UD58
Case Fractal Design Define R6 USB-C
Audio Device(s) Onboard
Power Supply Corsair TX 850M 80+ Gold
Mouse Razer Deathadder Elite
Software Ubuntu 20.04.6 LTS
No, it is much more than that. You missed the most important part!

Typically, the bad guy must also have physical access to the computer. How likely is it a bad guy will be able to gain access to your home or place of work, sit at your desk, and start messing with your computer (to include inserting thumb drives), bypassing your password/PIN, without someone wondering what is going on?
Perhaps a burglar with a specific agenda?

Could invade the worker's home while he's @ work or invade the workplace @ night when there's nobody in the office, thus gaining physical access to the computer(s) in question @ which point the burglar would carry out his nefarious plan ...

Sure: both the home owner and the work place would become aware of the break in, but would they be aware their computer(s) was / were compromised?

Just a scenario i thought of.
 
Joined
Jul 25, 2006
Messages
13,068 (1.96/day)
Location
Nebraska, USA
System Name Brightworks Systems BWS-6 E-IV
Processor Intel Core i5-6600 @ 3.9GHz
Motherboard Gigabyte GA-Z170-HD3 Rev 1.0
Cooling Quality case, 2 x Fractal Design 140mm fans, stock CPU HSF
Memory 32GB (4 x 8GB) DDR4 3000 Corsair Vengeance
Video Card(s) EVGA GEForce GTX 1050Ti 4Gb GDDR5
Storage Samsung 850 Pro 256GB SSD, Samsung 860 Evo 500GB SSD
Display(s) Samsung S24E650BW LED x 2
Case Fractal Design Define R4
Power Supply EVGA Supernova 550W G2 Gold
Mouse Logitech M190
Keyboard Microsoft Wireless Comfort 5050
Software W10 Pro 64-bit
Perhaps a burglar with a specific agenda?
Just a scenario i thought of.
Yeah, and if that is the case, you have much greater concerns than a vulnerability in a CPU! Like your own, or your family's personal safety. :(
 

HTC

Joined
Apr 1, 2008
Messages
4,661 (0.77/day)
Location
Portugal
System Name HTC's System
Processor Ryzen 5 5800X3D
Motherboard Asrock Taichi X370
Cooling NH-C14, with the AM4 mounting kit
Memory G.Skill Kit 16GB DDR4 F4 - 3200 C16D - 16 GTZB
Video Card(s) Sapphire Pulse 6600 8 GB
Storage 1 Samsung NVMe 960 EVO 250 GB + 1 3.5" Seagate IronWolf Pro 6TB 7200RPM 256MB SATA III
Display(s) LG 27UD58
Case Fractal Design Define R6 USB-C
Audio Device(s) Onboard
Power Supply Corsair TX 850M 80+ Gold
Mouse Razer Deathadder Elite
Software Ubuntu 20.04.6 LTS
Yeah, and if that is the case, you have much greater concerns than a vulnerability in a CPU! Like your own, or your family's personal safety. :(

While true, the burglary could be done in a way to divert the owner's "eyes" away from the computer so that the owner changed locks and computer passwords. And if instead of a home break in it were an office break in, they'd likely do the exact same thing: change locks and computer passwords.

Would that be sufficient or would the computer(s) be compromised already, despite the changed passwords?
 
Joined
Jul 25, 2006
Messages
13,068 (1.96/day)
Location
Nebraska, USA
System Name Brightworks Systems BWS-6 E-IV
Processor Intel Core i5-6600 @ 3.9GHz
Motherboard Gigabyte GA-Z170-HD3 Rev 1.0
Cooling Quality case, 2 x Fractal Design 140mm fans, stock CPU HSF
Memory 32GB (4 x 8GB) DDR4 3000 Corsair Vengeance
Video Card(s) EVGA GEForce GTX 1050Ti 4Gb GDDR5
Storage Samsung 850 Pro 256GB SSD, Samsung 860 Evo 500GB SSD
Display(s) Samsung S24E650BW LED x 2
Case Fractal Design Define R4
Power Supply EVGA Supernova 550W G2 Gold
Mouse Logitech M190
Keyboard Microsoft Wireless Comfort 5050
Software W10 Pro 64-bit
:( Nobody is saying you are wrong. But that just is not the point. The point is about many in the IT media seeking attention with sensationalized headlines, fanboys (on one side or the other) seeking to discredit the other side, tinfoil hat wearers believing they are constantly being watched, and the Chicken Littles who are convinced the world is about to end.

You are citing an extreme exception to the norm in order to justify your claim. Sure a burglar could break into my house or place of work. All they have to do is get by security cameras, guards, coworkers, nosy neighbors, alarm systems, the deadbolts on my doors, my dogs, and my Glock - without being noticed, and get out again.

And while burglaries do happen, the vast majority are to grab valuables to sell for drug money. Not to plant malware on our systems.

Exceptions don't make the rule. Just because a vulnerability exists, that does not, in any way, mean it is easy to exploit, or that it will be exploited.

Is this AMD vulnerability (or the Intel vulnerability a few days ago) a bad thing? Sure. Is it going to affect any of us here at TPU? Highly unlikely.
 
  • Like
Reactions: HTC
Joined
Jul 10, 2017
Messages
2,671 (1.00/day)
No, it is much more than that. You missed the most important part!

Typically, the bad guy must also have physical access to the computer. How likely is it a bad guy will be able to gain access to your home or place of work, sit at your desk, and start messing with your computer (to include inserting thumb drives), bypassing your password/PIN, without someone wondering what is going on?
Hard doesn't mean impossible.
Obviously this attack won't be scripted en masse but it is just sad that it is there in a first place.
 
Top