The attack is based on a well-known technique cache poisoning but applied to a new context. Intel engineers knew about the technique, but interestingly, they had even documented it in the data sheet for the 5100 MCH chipset. The technique was discovered last year by Lo..c Duflot, who has been researching and publishing work on SMM for several years. There are lots of caches in modern hardware, and several of them can be filled under user control with arbitrary data for execution.
Source: https://threatpost.com/reality-system-management-mode-attacks-032609/72475/