AMD confirms plan to release APU bug fix before June ends

Chipmaker AMD recently confirms that it plans to roll out a fix to a bug that plagues many of its Accelerated Processing Unit (APU).

This particular bug attacks AMD APUs that were released between 2016 and 2019. The so-called “SMM Callout” bug allows attackers to take control of its target’s UEFI firmware. Despite the vulnerabilities it open, the chipmaker said that it is only exploitable on its series of APUs.

An attack on AMD APUs

APUs are a type of processor that has both a central processing unit (CPU) and a graphics processing unit (GPU). Essentially, this type of processor allows a build that will not require a discrete graphics card. This type of processor is popular for entry-level builds because of its affordability.

The company confirms that there are three distinct SMM Callout bugs found on its APUs. Medium security researcher Danny Odler first reported the bugs on June 13. Immediately after that, AMD acknowledged the bug and promises a fix soon.

According to Odler’s research, the bugs are located on the part of the processor called SMM. Also called System Management Mode, this particular layer sits at the deepest level of many processors.

SMM codes are usually used to manage hardware related features. The SMM handles certain UEFI functions like system sleep, hibernation, power management, and memory errors.

These are some of the most critical functions of a processor. If an attacker manages to control the SMM, they can deploy payloads that can automatically shut down a target device.

In a statement, Odler says:

“Code execution in SMM is a game over for all security boundaries such as SecureBoot, Hypervisor, VBS, Kernel, and more.”

Full patch before the end of June

The bug is seen as critical, which is why AMD is responding in record time. The company promises that a patch will be released before the end of the month to crush the bug. As of this writing, Odler confirms that one of the three bugs has been patched with update CVE-2020-14032.

AMD promises that a patch will be ready by the end of the month. The company adds that it is adding the fix into its AGESA patches, which is usually for UEFI firmware.

Lastly, AMD says that once the patch is out, it will share it with its motherboard vendors. For those with a potentially vulnerable system, an update will be released.

Image courtesy of VASANTH/Unsplash

Micky is a news site and does not provide trading, investing, or other financial advice. By using this website, you affirm that you have read and agree to abide by our Terms and Conditions.
Micky readers - you can get a 10% discount on trading fees on FTX and Binance when you sign up using the links above.