AMD APUs Affected by SMM Callout Privilege Escalation Security Vulnerability

News
By published

AMD is distributing the fix.

AMD A-Series Processor

AMD A-Series Processor (Image credit: AMD)

Yesterday, AMD disclosed the SMM Callout Privilege Escalation (CVE-2020-12890) vulnerability that affects the chipmaker's client and embedded APUs that came out between 2016 and 2019.

Luckily, this vulnerability can be mitigated with a simple microcode update, which seemingly doesn't bear a performance impact on the system. AMD has already distributed updated versions of its AGESA microcodes to its motherboard partners and will deliver the remaining versions by the end of this month. 

As usual, AMD recommends users to update their systems to the latest firmware once it's available.

Zhiye Liu
Zhiye Liu
News Editor, RAM Reviewer & SSD Technician

Zhiye Liu is a news editor, memory reviewer, and SSD tester at Tom’s Hardware. Although he loves everything that’s hardware, he has a soft spot for CPUs, GPUs, and RAM.

2 Comments Comment from the forums
  • rgd1101
    so 4xxxU, 4xxxH, are ok?
    Reply
  • JarredWaltonGPU
    rgd1101 said:
    so 4xxxU, 4xxxH, are ok?
    It's not clear, but with the latest AGESA all AMD Zen and later CPUs should be fine. Which firmware first contained the fix? I don't know, at least not without digging for further details. I assume quite a few 300-series chipset motherboards are still going to be limited to older firmware, but this isn't a massive problem anyway since it requires administrative (and?) or physical access to the system. If that has happened, you should already assume the PC is compromised.
    Reply