A vulnerability found in certain AMD processor firmware has been patched by the company, it was revealed at the 31st Chaos Communication Congress.
According to Heise.de, the vulnerability was found in the Trinity, Richland, Kaveri and Kabini series of the chip by Czech programmer Rudolf Marek. He explained how insufficiently protected code signatures and other errors in the firmware could be used by hackers to inject software, which could then be executed by the System Management Unit and Accelerated Processing Units.
The System Management Unit (SMU) in the chips is responsible for power saving functionality alongside other configuration tasks. Using his hack, Marek was able to extract SMU code from downloaded BIOS updates on various motherboard manufacturers, and subsequently able to obtain the secret key the company uses for the SHA1 hash in the chips' code signature. Marek was also able to inject his own commands, as the SMU firmware execution code didn't check properly.
Marek contacted AMD in April - the company confirmed the error two months later, and patched some verisions of the AGESA (software in charge of the booting process in the BIOS) firmware was released in November last year. The firmware versions with SMU patches are as follows:
| APU | CPU family | AGESA version | SMU version |
|---|---|---|---|
| Trinity | 15h | 1.1.0.7 | 10:14 |
| Richmond | 15h | 1.1.0.7 | 12:18 |
| Kaveri | 15h | 1.1.0.7 | 13:52 |
| Kabini | 16h | 1.1.0.2 | 12:21 |
For more information you can watch the full video of Marek's talk.
