CVE-2020-12890

Name of the Vulnerable Software and Affected Versions AMD processors (affected versions not specified)

Description The issue is related to improper handling of pointers in the System Management Mode (SMM) handling code, which may allow a privileged attacker with physical or administrative access to manipulate the AMD Generic Encapsulated Software Architecture (AGESA) and execute arbitrary code undetected by the operating system. This could potentially lead to control over the UEFI firmware, resulting in full access to the system. The attack requires either physical access to the equipment or administrative access to the system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.