A quick skim of the paper reveals a relatively short and simple attack, but its implications are huge. Code running in SMM mode can literally do anything it wants, and even kernel-level code will find it incredibly difficult or possibly even impossible to tell if it has been subverted by malicious SMM code.
Paper here: http://invisiblethingslab.com/resources/misc09/smm_cache_fun...
Code here: http://invisiblethingslab.com/resources/misc09/o68-2.tgz