HPSBHF03673 rev. 4 - AMD® SMM Callout Privilege Escalation

Potential Security Impact

Execution of Arbitrary Code

Source: AMD

Reported By: AMD

VULNERABILITY SUMMARY

A potential security vulnerability in AMD® software technology has been identified that, in the case of privileged physical or administrative access, an attacker could potentially manipulate certain versions of AMD® Generic Encapsulated Software Architecture (AGESA) to execute arbitrary code undetected by the operating system.

For more information on the vulnerabilities visit the AMD Product Security page at <https://www.amd.com/en/corporate/product-security&gt;[__](<https://www.amd.com/en/corporate/product-security&gt; “External site.” ) (in English).

RESOLUTION

HP has identified the affected platforms and the corresponding SoftPaq updated versions. See the affected platforms listed below.

HP recommends keeping your system up to date with the latest firmware and software.

Newer versions may become available and the minimum versions listed below may become obsolete. If a SoftPaq Link becomes invalid, check the HP Customer Support - Software and Driver Downloads site to obtain the latest update for your product model.

> note:
>
> This bulletin may be updated when new information and/or SoftPaqs are available. Sign up for HP Subscriptions to be notified and receive:
>
> * Product support eAlerts
>
> * Driver updates
>
> * Security Bulletin updates

Under investigation: System under investigation for impact, or SoftPaq under investigation for feasibility/availability.

Not available: SoftPaq not available due to technical or logistical constraints.

Check support page: The listed SoftPaq has been removed from download site. SoftPaqs with newer versions may be available on the HP Customer Support - Software and Driver Downloads site.