#VU29206 Permissions, Privileges, and Access Controls in AMD Generic Encapsulated Software Architecture - CVE-2020-12890
Published: June 23, 2020
Vulnerability identifier: #VU29206
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-12890
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
AMD Generic Encapsulated Software Architecture
AMD Generic Encapsulated Software Architecture
Software vendor:
AMD
AMD
Description
The vulnerability allows a local attacker to escalate privileges on the system.
The vulnerability exists due to improper security restrictions in AMD’s client and embedded processors that came out between 2016 and 2019. An authenticated attacker with physical access can manipulate the AMD Generic Encapsulated Software Architecture (AGESA) and execute arbitrary code on the target system.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.