AMD has said it will deploy firmware updates by the end of the month to fix some security bugs for notebook and embedded system processors. These three BUGS, which AMD refers to as “SMM Callout” (System Management Mode Callout), could cause an attacker to take over the computer by taking control of the underlying AMD UEFI firmware.
AMD said the BUG affected only a limited number of APU processors released between 2016 and 2019.
It is reported that BUG news first appeared over the weekend, found that the person is Danny Odler. The SMM is part of the AMD UEFI firmware, with very high permissions and levels as low as Ring-2.
Odler actually reported three BUGS to AMD as early as April, and by the time of writing, AMD had fixed the first of them, the security identification code CVE-2020-14032.
The so-called AMD firmware update should be integrated through AGESA and eventually integrated into the motherboard BIOS.