Advanced Micro Devices Inc
What Happened? The flaw allows attackers with Kernel-level (Ring 0) privileges to escalate to Ring -2 privileges, high-level access associated with System Management Mode (SMM), where they can install virtually undetectable malware, Bleeping Computer reports.
IOActive researchers Enrique Nissim and Krzysztof Okupski discovered that the flaw allows attackers to alter SMM settings even when security measures like SMM Lock are enabled.
The researchers will present their findings at the upcoming DefCon event, shedding light on a flaw that has remained undetected for nearly two decades and impacts a broad range of AMD chip models.
Why Is It Important? This flaw allows malicious code to deeply embed itself within the firmware, making it nearly impossible to detect or remove.
Alarmingly, the vulnerability could persist even after a complete reinstallation of the operating system.
The vulnerability affects various AMD processors, including EPYC (1st to 4th generations), Ryzen Embedded series, Ryzen (3000, 5000, 4000, 7000, and 8000 series), Ryzen Mobile series, Threadripper series, and Athlon Mobile 3000 series, among others.
AMD has already rolled out mitigations for EPYC and Ryzen desktop and mobile CPUs, with additional fixes for embedded CPUs expected soon.
AMD plans to release a fix for its 5000 and 7000 series processors, but users of the 3000 series desktop processors need more time. Despite these relatively recent CPUs being released in late 2019 and 2020, the company has decided not to issue a patch for them.
Rosenblatt analyst Hans Mosesmann maintained a Sell rating on Intel Corp
AMD stock lost 24% in the last 30 days amid a broader sector selloff. The stock is still up over 225 in the last 12 months. Investors can gain exposure to the stock through SPDR S&P 500 ETF Trust
Price Actions: AMD shares were trading higher by 2.64% at $140.36 at the last check Tuesday.