Jump to content

Vulnerability found in AMD processor firmware


Matsuda

Recommended Posts


A vulnerability found in certain AMD processor firmware has been patched by the company, it was revealed at the 31st Chaos Communication Congress.

According to Heise.de, the vulnerability was found in the Trinity, Richland, Kaveri and Kabini series of the chip by Czech programmer Rudolf Marek. He explained how insufficiently protected code signatures and other errors in the firmware could be used by hackers to inject software, which could then be executed by the System Management Unit and Accelerated Processing Units

The System Management Unit (SMU) in the chips is responsible for power saving functionality alongside other configuration tasks. Using his hack, Marek was able to extract SMU code from downloaded BIOS updates on various motherboard manufacturers, and subsequently able to obtain the secret key the company uses for the SHA1 hash in the chips’ code signature. Marek was also able to inject his own commands, as the SMU firmware execution code didn’t check properly.

Marek contacted AMD in April – the company confirmed the error two months later, and patched some verisions of the AGESA (software in charge of the booting process in the BIOS) firmware was released in November last year. The firmware versions with SMU patches are as follows:

sshot_1.png




Source: http://www.welivesecurity.com/2015/01/13/vulnerability-found-amd-processor-firmware/

Link to comment
Share on other sites


  • Replies 4
  • Views 1k
  • Created
  • Last Reply
  • Administrator

Wonder how one would apply them. If it's connected to the BIOS updates, then what if the manufacturers do not release the update for particular models.

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...