[6] SMM is a special-purpose operating mode provided for handling system-wide functions like power management, system hardware control, or proprietary OEM designed code.
The processor executes the SMM code in a separate address space (SMRAM) that has to be made inaccessible to other operating modes of the CPU by the firmware.
Due to this fact, it is a target for malicious rootkits to reside in,[18][19] including NSA's "implants",[20] which have individual code names for specific hardware, like SOUFFLETROUGH for Juniper Networks firewalls,[21] SCHOOLMONTANA for J-series routers of the same company,[22] DEITYBOUNCE for DELL,[23] or IRONCHEF for HP Proliant servers.
[25] According to the documentation of the Linux kernel, around 2004, such buggy implementations of the USB legacy support feature were a common cause of crashes, for example, on motherboards based on the Intel E7505 chipset.
Operations in SMM take CPU time away from the applications, operating-system kernel and hypervisor, with the effects magnified for multicore processors, since each SMI causes all cores to switch modes.
The Windows and Linux kernels define an "SMI Timeout" setting – a period within which SMM handlers must return control to the operating system, or it will "hang" or "crash".