Vulnerability in UEFI firmware for AMD processors that allows code execution at the SMM level

AMD has announced that it is working on fixes for a series of vulnerabilities named "SMM Callout" (CVE-2020-12890), which allow an attacker to take control of the UEFI firmware and execute code at the SMM (System Management Mode) level. An attack requires physical access to the hardware or access to the system with administrator rights. In a successful attack, the attacker can use the AGESA (AMD Generic Encapsulated Software Architecture) interface to execute arbitrary code that cannot be detected from the operating system.

The vulnerabilities are present in code included in the UEFI firmware that runs in SMM (Ring -2), a mode that has higher priority than hypervisor mode and protection ring 0 and has unrestricted access to all system memory. For example, after gaining access to the OS by exploiting other vulnerabilities or through social engineering, an attacker can use the SMM Callout vulnerabilities to bypass UEFI Secure Boot, inject malicious code or rootkits invisible to the system into SPI flash, and attack hypervisors to bypass mechanisms that check the integrity of virtual environments.

The vulnerabilities are caused by an error in the SMM code: the address of the target buffer is not checked when the SmmGetVariable() function is called in the 0xEF SMI handler. Because of this error, an attacker can write arbitrary data to internal SMM memory (SMRAM) and run it as code with SMM privileges. According to preliminary data, the problem affects some APUs (AMD Fusion) for custom and embedded systems produced from 2016 to 2019. AMD has already distributed a firmware update with a fix to most motherboard manufacturers, and the remaining manufacturers plan to send the update before the end of the month.
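
The missing check described above, sketched as an added example (not AMD's or AGESA's code): a destination range supplied by the OS is accepted only if it lies entirely outside SMRAM, with wrap-around and partial overlap rejected. The SMRAM base and size, the status codes and the function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed SMRAM window for this example; real firmware reads it from the platform. */
#define SMRAM_BASE 0x7F000000ULL
#define SMRAM_SIZE 0x00800000ULL

typedef enum { SMI_OK = 0, SMI_INVALID_PARAMETER = 1 } smi_status;

/* True only if [addr, addr+len) is non-empty, does not wrap past the end of
 * the address space, and has no byte in common with SMRAM. */
static bool buffer_outside_smram(uint64_t addr, uint64_t len)
{
    if (len == 0 || addr > UINT64_MAX - len)
        return false;                       /* empty or wrapping range */

    uint64_t end = addr + len;              /* exclusive end, cannot overflow here */
    uint64_t smram_end = SMRAM_BASE + SMRAM_SIZE;

    return end <= SMRAM_BASE || addr >= smram_end;
}

/* Hypothetical gate an SMI handler would run on the OS-supplied destination
 * pointer and size before copying variable data into it from SMM. */
smi_status smi_validate_dest(uint64_t dest, uint64_t size)
{
    return buffer_outside_smram(dest, size) ? SMI_OK : SMI_INVALID_PARAMETER;
}

int main(void)
{
    /* Constructed test ranges: ordinary RAM, inside SMRAM, straddling its start. */
    const uint64_t cases[][2] = {
        { 0x00100000ULL, 0x100 },
        { SMRAM_BASE + 0x10, 8 },
        { SMRAM_BASE - 4, 8 },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("dest=0x%llx size=0x%llx -> %s\n",
               (unsigned long long)cases[i][0], (unsigned long long)cases[i][1],
               smi_validate_dest(cases[i][0], cases[i][1]) == SMI_OK
                   ? "accepted" : "rejected");
    return 0;
}
```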

Source: opennet.ru
