[Tom's Hardware] AMD APUs Affected by SMM Callout Privilege Escalation Security Vulnerability - Overclock.net - An Overclocking Community

[Tom's Hardware] AMD APUs Affected by SMM Callout Privilege Escalation Security Vulnerability

post #1 of 11 (permalink) Old 06-18-2020, 08:47 AM - Thread Starter
sudo apt install sl
 
Join Date: Dec 2009
Posts: 6,732
Rep: 190 (Unique: 131)
Source: https://www.tomshardware.com/news/am...-vulnerability

Quote:
AMD is distributing the fix.

Yesterday, AMD disclosed the SMM Callout Privilege Escalation (CVE-2020-12890) vulnerability that affects the chipmaker's client and embedded APUs that came out between 2016 and 2019
The article is too short to quote; read the article. There is a new microcode update, so look out for a new BIOS update. Shouldn't cause any performance regression.


Last edited by WannaBeOCer; 06-18-2020 at 10:19 AM.
WannaBeOCer is offline  
post #2 of 11 (permalink) Old 06-18-2020, 09:24 AM
Politically incorrect
 
Join Date: Nov 2010
Location: Soviet China... Oh wait..
Posts: 9,111
Rep: 629 (Unique: 307)
Will wait for benchmarks, I don't believe a word either AMD or Intel PR come out with in regards to these vulnerabilities.

Quote: Originally Posted by faraz1729
Haha, Liranan, you creep.

Tacitus - The more corrupt the state, the more numerous the laws

Only when the last tree has died and the last river been poisoned and the last fish been caught will we realise we cannot eat money. - Cree Indian Proverb
Liranan is offline  
post #3 of 11 (permalink) Old 06-18-2020, 10:12 AM
Top kek
 
Join Date: Oct 2013
Location: Bulgaria , Sofia
Posts: 3,545
Rep: 121 (Unique: 72)
https://www.tomshardware.com/news/am...-vulnerability

Here is the link, since someone for some reason did not include it...

TL;DR, it requires root/administrator privileges or physical access. Not much of a vulnerability, I guess.

ku4eto is online now  
post #4 of 11 (permalink) Old 06-18-2020, 10:19 AM - Thread Starter
sudo apt install sl
 
Join Date: Dec 2009
Posts: 6,732
Rep: 190 (Unique: 131)
Quote: Originally Posted by ku4eto View Post
https://www.tomshardware.com/news/am...-vulnerability

Here is the link, since someone for some reason did not include it...

TL;DR, it requires root/administrator privileges or physical access. Not much of a vulnerability, I guess.
Thanks, updated the OP. We're all human.

WannaBeOCer is offline  
post #5 of 11 (permalink) Old 06-18-2020, 10:28 AM
New to Overclock.net
 
Join Date: Mar 2011
Location: From the US but lives in Africa
Posts: 19,961
Rep: 891 (Unique: 643)
Smells fishy. New APUs are coming. It's like - you got to upgrade.

By Built-in Benchmark Queen:
My 2.5-year-old delidded 7980XE @ 4600MHz all core with 49ns memory latency (4000c16 tweaked) is faster than 3950X max overclocked on water in every scenario. Pretty good for an ancient CPU.
In gaming it has no chance vs my new 10900K @ 5400MHz and 4600c16 tweaked memory. ~35ns memory latency.
rdr09 is offline  
post #6 of 11 (permalink) Old 06-18-2020, 11:28 AM
Not a linux lobbyist
 
Join Date: Feb 2014
Location: Wisconsin
Posts: 2,160
Rep: 59 (Unique: 43)
Quote: Originally Posted by ku4eto View Post
https://www.tomshardware.com/news/am...-vulnerability

Here is the link, since someone for some reason did not include it...

TL;DR, it requires root/administrator privileges or physical access. Not much of a vulnerability, I guess.
And some pretty fancy doings for little profit to boot.
Not very likely to be exploited ever.
Just like most Intel side channels.

rluker5 is offline  
post #7 of 11 (permalink) Old 06-18-2020, 09:33 PM
Politically incorrect
 
Join Date: Nov 2010
Location: Soviet China... Oh wait..
Posts: 9,111
Rep: 629 (Unique: 307)
Quote: Originally Posted by ku4eto View Post
https://www.tomshardware.com/news/am...-vulnerability

Here is the link, since someone for some reason did not include it...

TL;DR, it requires root/administrator privileges or physical access. Not much of a vulnerability, I guess.
Still requires mitigation, thus there might be a performance impact.

Liranan is offline  
post #8 of 11 (permalink) Old 06-19-2020, 04:57 PM
New to Overclock.net
 
Join Date: Sep 2011
Posts: 6,525
Rep: 348 (Unique: 257)
Although this requires admin privileges to exploit, if someone were to have a VM rented from AWS for instance, would they somehow be able to use it to execute things as system outside the VM? Or does it still only escalate to system level within the operating system you are currently in only?

EniGma1987 is offline  
post #9 of 11 (permalink) Old 06-20-2020, 07:08 AM
Top kek
 
Join Date: Oct 2013
Location: Bulgaria , Sofia
Posts: 3,545
Rep: 121 (Unique: 72)
Quote: Originally Posted by EniGma1987 View Post
Although this requires admin privileges to exploit, if someone were to have a VM rented from AWS for instance, would they somehow be able to use it to execute things as system outside the VM? Or does it still only escalate to system level within the operating system you are currently in only?
This does not allow escaping the container/VM. It only allows writing to the BIOS. VMs have their own BIOS, not the host one.

ku4eto is online now  
post #10 of 11 (permalink) Old 06-20-2020, 09:09 PM
Politically incorrect
 
Join Date: Nov 2010
Location: Soviet China... Oh wait..
Posts: 9,111
Rep: 629 (Unique: 307)
Quote: Originally Posted by rluker5 View Post
And some pretty fancy doings for little profit to boot.
Not very likely to be exploited ever.
Just like most Intel side channels.
Stuxnet says hi.

Liranan is offline  