Over the past couple of years, we are accustomed to the fact that if any vulnerabilities are found in processors, they often concern Intel processors more. However, a new vulnerability called SMM Callout Privilege Escalation (CVE-2020-12890) is an exception, as it was discovered in AMD processors.
It was discovered by security specialist Danny Odler, but AMD itself reported it. The vulnerability allows a conditional attacker to manipulate the AGESA protocol to execute arbitrary code that is not detected by the operating system.
AMD points out two important points. Firstly, according to its data, the vulnerability exists only on certain client and embedded hybrid processors that were released between 2016 and 2019 (there are no exact models), and secondly, and this is important, the situation can be corrected by a simple update of AGESA, and AMD has already provided patches to most customers. The rest will receive them before the end of this month.