Gabriel Negreira Barbosa, Rodrigo Rubira Branco (BSDaemon), Joe Cihula (Intel)
Two vulnerabilities in the Intel VTd/IOMMU (CVE-2019-0151,0152) allow an attacker to bypass memory protections and execute code in SMM and TXT. The impact is way bigger than the attention it received. It is a CPU issue that is independent of the firmware’s SMM implementation so it could be used for installing firmware-agnostic SMM rootkits. It also allows code execution inside a TXT authenticated code module (ACM).
Vulnerabilities in System Management Mode (SMM) and Trusted Execution Technology (TXT)