SMM Callout Privilege Escalation, which security research Danny Odler discovered, enables an attacker with physical or administrative access to the victim system to manipulate the AMD Generic Encapsulated Software Architecture (AGESA) microcode inside the motherboard's firmware. This allows for the execution of malicious code that's not detectable by the operating system.
Luckily, this vulnerability can be mitigated with a simple microcode update, which seemingly doesn't bear a performance impact on the system. AMD has already distributed updated versions of its AGESA microcodes to its motherboard partners and will deliver the remaining versions by the end of this month.
As usual, AMD recommends users to update their systems to the latest firmware once it's available.
Stay on the Cutting Edge
Join the experts who read Tom's Hardware for the inside track on enthusiast PC tech news — and have for over 25 years. We'll send breaking news and in-depth reviews of CPUs, GPUs, AI, maker hardware and more straight to your inbox.
Zhiye Liu is a Freelance News Writer at Tom’s Hardware US. Although he loves everything that’s hardware, he has a soft spot for CPUs, GPUs, and RAM.
Your fingerprints can be recreated from the sounds made when you swipe on a touchscreen — Chinese and US researchers show new side channel can reproduce fingerprints to enable attacks
Russian military botnet discovered on 1000+ compromised routers — FBI deactivated Moobot by taking control of impacted routers
so 4xxxU, 4xxxH, are ok?Reply
It's not clear, but with the latest AGESA all AMD Zen and later CPUs should be fine. Which firmware first contained the fix? I don't know, at least not without digging for further details. I assume quite a few 300-series chipset motherboards are still going to be limited to older firmware, but this isn't a massive problem anyway since it requires administrative (and?) or physical access to the system. If that has happened, you should already assume the PC is compromised.rgd1101 said:so 4xxxU, 4xxxH, are ok?