AMD has fixed one high-severity vulnerability affecting its client and embedded processors; fixes for the other two will come out later in June.
Three high-severity vulnerabilities have been disclosed in AMD’s client and embedded processors that came out between 2016 and 2019. An attacker with physical or privileged access to certain AMD powered systems could exploit the flaws to execute arbitrary code or take control of the firmware.
AMD, which dubs the flaws “SMM Callout Privilege Escalation” bugs, released a fix for one of the three, CVE-2020–14032, on June 8. The other two flaws (CVE-2020–12890 and another that has yet to be issued a CVE number) have not yet been fixed. However, in a security update last week, AMD said it plans deliver the fixes for the issues by the end of June 2020.