
Preface: An SMM Callout is a type of vulnerability found in System Management Mode (SMM) code. This occurs when SMM code calls a function located outside of the System Management RAM (SMRAM) boundaries. The most common scenario is when an SMI (System Management Interrupt) handler tries to invoke a UEFI boot service or runtime service as part of its operation.
This vulnerability can be exploited by attackers with OS-level privileges to modify the physical pages where these services reside, potentially hijacking the privileged execution flow.
Background: STM stands for SMI Transfer Monitor. It is a security mechanism used within the System Management Mode (SMM) of a computer’s firmware. Below are some key points about STM:
Purpose: STM is designed to monitor and control the behavior of SMM code, providing a layer of security by mediating the actions of SMM drivers.
Functionality: It acts as a hypervisor within SMM, functioning alongside the main hypervisor or operating system. STM hosts the SMI (System Management Interrupt) handler in a virtual machine, thereby restricting its access to the platform.
Security: By constraining the SMI handler, STM helps prevent potential security breaches that could undermine the integrity of the system.
Vulnerability details: CVE-2024-21925 results from insufficient validation of input buffers in the AmdPspP2CmboxV2 UEFI module. CVE-2024-0179 is an SMM (System Management Mode) Callout vulnerability in the AmdCpmDisplayFeatureSMM UEFI module. Both can allow ring-0 attackers to escalate their privileges, potentially resulting in arbitrary code execution. AMD has begun releasing firmware mitigations to fix these vulnerabilities.
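As an added example (not code from the advisory or from AMD's firmware), the following shows the two SMRAM boundary checks that address both classes of bug described above: an indirect call target reached from an SMI handler must lie inside SMRAM (otherwise it is a callout), and an attacker-supplied communication buffer must lie entirely outside SMRAM, with the address-wraparound edge case rejected. The TSEG base and size are constructed placeholders, not a real platform's layout.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stddef.h>

/* Constructed SMRAM layout for illustration only: one 8 MiB TSEG region. */
typedef struct { uint64_t base; uint64_t size; } smram_range_t;
static const smram_range_t g_smram[] = {
    { 0x7F000000ULL, 0x00800000ULL },
};
#define SMRAM_COUNT (sizeof(g_smram) / sizeof(g_smram[0]))

/* True if [addr, addr+len) lies wholly inside [base, base+size), without overflow. */
static bool range_inside(uint64_t addr, uint64_t len, uint64_t base, uint64_t size) {
    if (len == 0 || addr < base || len > size) return false;
    return addr - base <= size - len;   /* equivalent to addr+len <= base+size */
}

/* True if [addr, addr+len) overlaps [base, base+size); a wrapping range counts as overlap. */
static bool range_overlaps(uint64_t addr, uint64_t len, uint64_t base, uint64_t size) {
    if (len == 0 || size == 0) return false;
    if (addr > UINT64_MAX - len) return true;      /* addr+len wraps: treat as unsafe */
    return addr <= base + size - 1 && base <= addr + len - 1;
}

/* SMM callout check: a function pointer the SMI handler is about to call must be in SMRAM.
 * A UEFI boot/runtime service lives outside SMRAM and therefore fails this check. */
bool smm_is_call_target_valid(uint64_t target) {
    for (size_t i = 0; i < SMRAM_COUNT; i++)
        if (range_inside(target, 1, g_smram[i].base, g_smram[i].size)) return true;
    return false;
}

/* Input buffer check: a caller-supplied buffer must not touch SMRAM at all,
 * or the handler could be tricked into reading or writing SMRAM on the caller's behalf. */
bool smm_is_comm_buffer_valid(uint64_t buf, uint64_t len) {
    if (len == 0 || buf > UINT64_MAX - len) return false;
    for (size_t i = 0; i < SMRAM_COUNT; i++)
        if (range_overlaps(buf, len, g_smram[i].base, g_smram[i].size)) return false;
    return true;
}
```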
Official announcement: Please refer to the link for details – https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7027.html