Insyde's Security Pledge
Since our inception 20 years ago, security has been essential. Hundreds of OEMs and ODM partners have trusted us with enabling the platforms that form the foundation of their products, knowing we share their commitment to make them secure. Product security is a top priority with our company and an area of focus that we continue to improve upon every day.
- We sit on the security review team of the industry’s leading firmware standards body; the UEFI Security Response Team.
- We have internal product security experts that drive our Security Development Lifecycle (SDL) process within our BIOS and BMC firmware teams and evaluate existing and emerging threats.
- We issue regular and timely security alert bulletins when mitigations to vulnerabilities are discovered.
- We work closely with all of our silicon vendor partners to ensure the timely and critical delivery of microcode updates and other patches.
At Insyde, we work with the broader industry to identify, report, mitigate and disclose security vulnerabilities. We support you, our customers and partners, in closing the door to anything which compromises the security or privacy in your platforms. We take this role seriously, because if your firmware is not secure, your product is not secure.
This is our pledge to you. If you have any questions about Insyde Software’s commitment to security, I urge you to reach out to us at security.report@insyde.com
Tim Lewis, Chief Technology Officer
Insyde Software’s Security Teams have conducted thorough analysis for remote code execution vulnerabilities relating to Apache Log4j that was disclosed on December 9th 2021 and has found that its BIOS and BMC firmware products are not affected by CVE-2021-4428 and CVE-2021-45046.
- All InsydeH2O UEFI BIOS versions as well as all of its related Development Tools do not use Apache Log4j and are not vulnerable to these disclosed vulnerabilities.
- All Supervyse BMC Firmware versions do not use Apache Log4j and are not vulnerable to these disclosed vulnerabilities.
- All Insyde IT environment do not use Apache Log4j and are not vulnerable to these disclosed vulnerabilities
Please know that Insyde Software is working closely with Intel, AMD and other partners to provide timely updates to help mitigate these recent issues and many more.
Insyde Software Security Advisory:
Document and CVE #s to be provided when available
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Original Date | Last Revised |
| CVE-2022-27405 | 3.6 | Some versions of InsydeH2O use the FreeType tools to embed fonts into the BIOS. InsydeH2O does not use the FreeType API at runtime and usage during build time does not produce a vulnerability in the BIOS. | INSYDE-SA-2022038 | 09/30/2022 | 09/30/2022 |
| VU#309662 CVE-2022-34302 CVE-2022-34301 CVE-2022-34303 |
8.2 | Signed third party UEFI bootloaders are vulnerable to Secure Boot bypass | INSYDE-SA-2022037 | 09/30/2022 | 09/30/2022 |
| CVE-2017-5715 | 5.6 | Side-channel analysis may allow unauthorized disclosure of information | INSYDE-SA-2022036 | 09/30/2022 | 09/30/2022 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Original Date | Last Revised |
| CVE-2022-35893 | 8.2 | SMM memory corruption vulnerability in SMM driver (SMRAM write) in InsydeH2O. | INSYDE-SA-2022035 | 09/21/2022 | 09/21/2022 |
| CVE-2022-35896 | 6.0 | SMM memory leak vulnerability in SMM driver (SMRAM read) in InsydeH2O. | INSYDE-SA-2022034 | 09/21/2022 | 09/21/2022 |
| CVE-2022-35895 | 8.2 | SMM memory corruption vulnerability in SMM driver (SMRAM write) in InsydeH2O. | INSYDE-SA-2022033 | 09/21/2022 | 09/21/2022 |
| CVE-2022-36448 | 8.2 | SMM memory corruption vulnerability in Software SMI handler in InsydeH2O | INSYDE-SA-2022032 | 09/21/2022 | 09/21/2022 |
| CVE-2022-35408 | 7.5 | SMM callout vulnerability in SMM driver (SMM arbitrary code execution) in InsydeH2O. | INSYDE-SA-2022031 | 09/21/2022 | 09/21/2022 |
| CVE-2022-35894 | 6.0 | SMM memory leak vulnerability in SMM driver (SMRAM read) in InsydeH2O. | INSYDE-SA-2022030 | 09/21/2022 | 09/21/2022 |
| CVE-2022-36338 | 7.5 | SMM callout vulnerability in SMM driver (SMM arbitrary code execution) in InsydeH2O. | INSYDE-SA-2022029 | 09/21/2022 | 09/21/2022 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Original Date | Last Revised |
| Refer to INSYDE-SA | 3.6 | Some versions of InsydeH2O use the FreeType tools to embed fonts into the BIOS. InsydeH2O does not use the FreeType API at runtime and usage during build time does not produce a vulnerability in the BIOS. | INSYDE-SA-2022028 | 07/05/2022 | 07/05/2022 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Original Date | Last Revised |
| CVE-2021-43613 | 6.5 | User and administrator password hashes are exposed in runtime UEFI variables, leading to escalation of privilege. | INSYDE-SA-2022027 | 02/21/2022 | - |
| CVE-2021-43614 | 6.7 | Error in handling the PlatformLangCodes UEFI variable could cause a buffer overflow, leading to resource exhaustion and failure. | INSYDE-SA-2022026 | 02/21/2022 | - |
| CVE-2021-38489 | 7.8 | HDD password stored in plaintext. | INSYDE-SA-2022025 | 02/21/2022 | - |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Original Date | Last Revised |
| CVE-2021-41837 | 8.2 | An unsafe pointer vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler. An attacker can use this unsafe pointer "current_ptr" to read or write or manipulate data into SMRAM. Exploitation of this vulnerability can lead to escalation of privileges reserved only for SMM using the SwSMI handler. | INSYDE-SA-2022024 | 02/01/2022 | 02/01/2022 |
| CVE-2021-41838 | 8.2 | An unsafe pointer vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler. An attacker can use this unsafe pointer "ptr" to read or write or manipulate data in the SMRAM. Exploitation of this vulnerability can lead to escalation of privileges reserved only for SMM using the SwSMI handler. | INSYDE-SA-2022023 | 02/01/2022 | 02/01/2022 |
| CVE-2021-33627 | 8.2 | A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution. | INSYDE-SA-2022022 | 02/01/2022 | 02/01/2022 |
| CVE-2021-33626 | 8.2 | A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution. | INSYDE-SA-2022021 | 02/01/2022 | 02/01/2022 |
| CVE-2021-41839 | 8.2 | A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated table variable EFI_BOOT_SERVICES. This can be used by an attacker to overwrite address location of any of the functions (FreePool,LocateHandleBuffer,HandleProtocol) to the address location of arbitrary code controlled by the attacker. On system call to SWSMI handler, the arbitrary code can be triggered to execute. | INSYDE-SA-2022020 | 02/01/2022 | 02/01/2022 |
| CVE-2021-41841 | 8.2 | A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated table variables EFI_BOOT_SERVICES and EFI_RUNTIME_SERVICES. This can be used by an attacker to overwrite address location of the function (LocateHandleBuffer) to the address location of arbitrary code controlled by the attacker. On system call to SWSMI handler, the arbitrary code can be triggered to execute. | INSYDE-SA-2022019 | 02/01/2022 | 02/01/2022 |
| CVE-2021-41840 | 7.5 | A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated table variable EFI_BOOT_SERVICES. This allows an attacker who is capable of executing code in DXE phase to exploit this vulnerability to escalate privileges to SMM. The attacker can overwrite the LocateProtocol or Freepool memory address location to execute unwanted code. | INSYDE-SA-2022018 | 02/01/2022 | 02/01/2022 |
| CVE-2020-5953 | 7.5 | A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT (EFI_RUNTIME_SERVICES) pointer to call a GetVariable service, which is located outside of SMRAM. This can result in code execution in SMM (escalating privilege from ring 0 to ring -2). | INSYDE-SA-2022017 | 02/01/2022 | 02/01/2022 |
| CVE-2021-43323 | 8.2 | SMM callout vulnerability allowing a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. | INSYDE-SA-2022016 | 02/01/2022 | 02/01/2022 |
| CVE-2022-24031 | 7.5 | SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. | INSYDE-SA-2022015 | 02/01/2022 | 02/01/2022 |
| CVE-2021-33625 | 7.5 | SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. | INSYDE-SA-2022014 | 02/01/2022 | 02/01/2022 |
| CVE-2021-43615 | 8.2 | SMM callout vulnerability allowing a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. | INSYDE-SA-2022013 | 02/01/2022 | 02/01/2022 |
| CVE-2021-42554 | 7.5 | SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. | INSYDE-SA-2022012 | 02/01/2022 | 02/01/2022 |
| CVE-2022-24030 | 7.5 | SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. | INSYDE-SA-2022011 | 02/01/2022 | 02/01/2022 |
| CVE-2022-24069 | 8.2 | SMM callout vulnerability allowing a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. | INSYDE-SA-2022010 | 02/01/2022 | 02/01/2022 |
| CVE-2021-43522 | 7.5 | SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. | INSYDE-SA-2022009 | 02/01/2022 | 02/01/2022 |
| CVE-2021-42113 | 8.2 | SMM callout vulnerability allowing a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. | INSYDE-SA-2022008 | 02/01/2022 | 02/01/2022 |
| CVE-2021-42060 | 7.5 | SMM callout vulnerability allowing a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. | INSYDE-SA-2022007 | 02/01/2022 | 02/01/2022 |
| CVE-2021-42059 | 8.2 | Stack overflow vulnerability that allows a local root user to access UEFI DXE driver and execute arbitrary code. | INSYDE-SA-2022006 | 02/01/2022 | 02/01/2022 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Original Date | Last Revised |
| CVE-2020-5956 | 7.2 | SdLegacySmm: Software SMI handler does not verify CommBuffer, allowing untrusted external input (CVE-2020-5956) | INSYDE-SA-2022005 | 01/04/2022 | 02/08/2022 |
| CVE-2021-41842 | 8.2 | AtaLegacySmm: SMI handler does not check CommBuffer leading to possible arbitrary code execution. | INSYDE-SA-2022004 | 01/04/2022 | 02/08/2022 |
| CVE-2021-45969 | 8.2 | A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(CommBuffer + 8 location). | INSYDE-SA-2022003 | 01/04/2022 | 02/08/2022 |
| CVE-2021-45970 | 8.2 | A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(status code saved at CommBuffer+4 location). | INSYDE-SA-2022002 | 01/04/2022 | 02/08/2022 |
| CVE-2021-45971 | 8.2 | A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(CommBufferData). | INSYDE-SA-2022001 | 01/04/2022 | 02/08/2022 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Original Date | Last Revised |
| CVE-2021-33627 | 8.2 | SMM code may allow content can be controlled by attacker who attains operating system privilege. | INSYDE-SA-2021003 | 11/29/2021 | 11/29/2021 |
| CVE-2020-27339 | 7.2 | A potential security vulnerability in the handler for IDE devices may allow escalation of privilege, or information disclosure. Insyde has released firmware updates to mitigate this potential vulnerability. | INSYDE-SA-2021001 | 06/14/2021 | 12/28/2021 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Original Date | Last Revised |
| CVE-2020-5955 | 7.2 | Uncontrolled input in the InsydeH2O Int15MicrosoftSmm driver to a software SMI function may allow the caller to gain elevated privileges. Fixed in different chipset-specific releases of InsydeH2O. Intel Skylake: 05.04.15.0001, Intel Skylake MRD: 05.05.39.0001, Intel Kaby Lake (Client): 05.10.48.0001, Intel Greenlow/Greenlow-R (Server/Embedded): 05.12.09.0075, Intel Kaby Lake MRD: 05.11.26.0015, Intel Cannon Lake: 05.21.43.0001, Intel Coffee Lake (Client): 05.21.43.0001, Intel Mehlow/Mehlow-R(Server/Embedded): 05.23.04.0045, Intel Whiskey Lake (Client): 05.21.43.0001, Intel Whiskey Lake RVP (Server/Embedded): 05.23.45.0023, Intel Whiskey Lake/Coffee Lake: 05.23.27.0001, Intel Comet Lake (Client): 05.32.47.0001, Intel Comet Lake RVP (Server/Embedded): 05.34.09.0030, Intel Ice Lake: 05.32.30.0001, Intel Tiger Lake: 05.41.35.0001, Intel Whitley-SP: 05.42.11.0026, Intel Grantley-EP: 05.04.21.0068, Intel Elkhart Lake: 05.42.09.0003 Intel Purley-EP Refresh Neon City: 05.21.51.0040 |
INSYDE-SA-2021002 | 10/21/2021 | 10/21/2021 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Original Date | Last Revised |
| CVE-2020-27339 | 7.2 | A potential security vulnerability in the handler for IDE devices may allow escalation of privilege, or information disclosure. Insyde has released firmware updates to mitigate this potential vulnerability. | INSYDE-SA-2021001 | 06/14/2021 | 07/02/2021 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Original Date | Last Revised |
| CVE-2019-12532 | 6.9 | Improper access control in the Insyde software tools may allow an authenticated user to potentially enable escalation of privilege, or information disclosure via local access. | INSYDE-SA-2019001 | 08/12/2019 | - |
Various Side Channel Exploits:
Document and CVE #s to be provided when available
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Intel Security Advisory (SA) | Original Date | Last Revised |
| CVE-2019-0170 | 8.2 | Buffer overflow in subsystem in Intel(R) Dynamic Application Loader before [12.0.35] may allow privileged user to potentially enable escalation of privilege via local access. | INTEL-SA-00213 | 05/14/2019 | 04/14/2020 |
| CVE-2019-0153 | 9.0 | Buffer overflow in subsystem in Intel(R) CSME before 12.0.35 may allow unauthenticated user to potentially enable escalation of privilege via network access. | INTEL-SA-00213 | 05/14/2019 | 04/14/2020 |
| CVE-2019-0126 | 7.2 | Insufficient access control in Silicon Reference firmware for Intel (R) Xeon (R) Scalable Processor, Intel (R) Xeon (R) Processor D Family may allow privileged user to potentially enable escalation of privilege or denial of service via local access | INTEL-SA-00223 | 05/14/2019 | 05/14/2019 |
| CVE-2019-0120 | 5.3 | Insufficient key protection vulnerability in Silicon Reference firmware for Intel(R) Pentium(R) Processor J Series, Intel(R) Pentium(R) Processor N Series, Intel(R) Celeron(R) J Series, Intel(R) Celeron(R) N Series, Intel(R) Atom(R) Processor A Series, Intel(R) Atom(R) Processor E3900 Series, Intel(R) Pentium(R) Processor Silver Series may allow privileged user to potentially enable denial of service via local access. | INTEL-SA-00223 | 05/14/2019 | 05/14/2019 |
| CVE-2019-0119 | 5.7 | Buffer overflow vulnerability in system firmware for Intel (R) Xeon (R) Processor D Family, Intel (R) Xeon (R) Scalable Processor, Intel(R) Server Board, Intel(R) Server System and Intel(R) Compute Module may allow privileged user to potentially enable escalation of privilege or denial of service via local access. | INTEL-SA-00223 | 05/14/2019 | 05/14/2019 |
| CVE-2019-0098 | 5.7 | Logic bug vulnerability in subsystem for Intel(R) CSME before version 12.0.35, Intel(R) TXE before 3.1.65, 4.0.15may allow unauthenticated user to potentially enable escalation of privilege via physical access. | INTEL-SA-00213 | 05/14/2019 | 04/14/2020 |
| CVE-2019-0097 | 4.9 | Insufficient input validation vulnerability in subsystem for Intel(R) Active Management Technology (Intel(R) AMT) before version 12.0.35 may allow privileged user to potentially enable denial of service via network access. | INTEL-SA-00213 | 05/14/2019 | 04/14/2020 |
| CVE-2019-0096 | 6.7 | Out of bound write vulnerability in subsystem for Intel(R) Active Management Technology (Intel(R) AMT) before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow authenticated user to potentially enable escalation of privilege via adjacent network access. | INTEL-SA-00213 | 05/14/2019 | 04/14/2020 |
| CVE-2019-0094 | 4.3 | Insufficient input validation vulnerability in subsystem for Intel(R) Active Management Technology (Intel(R) AMT) before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow unauthenticated user to potentially enable denial of service via adjacent network access | INTEL-SA-00213 | 05/14/2019 | 04/14/2020 |
| CVE-2019-0093 | 2.3 | Insufficient data sanitization vulnerability in HECI subsystem for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35, Intel(R) Server Platform Services before version SPS_E3_05.00.04.027.0 may allow privileged user to potentially enable information disclosure via local access | INTEL-SA-00213 | 05/14/2019 | 04/14/2020 |
| CVE-2019-0092 | 6.8 | Insufficient input validation vulnerability in subsystem for Intel(R) Active Management Technology (Intel(R) AMT) before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow unauthenticated user to potentially enable escalation of privilege via physical access | INTEL-SA-00213 | 05/14/2019 | 04/14/2020 |
| CVE-2019-0091 | 6.6 | Code injection vulnerability in installer for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow unprivileged user to potentially enable escalation of privilege via local access. | INTEL-SA-00213 | 05/14/2019 | 04/14/2020 |
| CVE-2019-0086 | 7.8 | Insufficient access control vulnerability in Dynamic Application Loader software for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow unprivileged user to potentially enable escalation of privilege via local access | INTEL-SA-00213 | 05/14/2019 | 04/14/2020 |
| CVE-2019-0090 | 7.1 | Insufficient access control vulnerability in subsystem for Intel(R) CSME before version 12.0.35, Intel(R) Server Platform Services before version SPS_E3_05.00.04.027.0 may allow unauthenticated user to potentially enable escalation of privilege via physical access | INTEL-SA-00213 | 05/14/2019 | 04/14/2020 |
| CVE-2019-0089 | 8.1 | Improper data sanitization vulnerability in subsystem in Intel(R) Server Platform Services before versions SPS_E5_04.00.04.381.0, SPS_E3_04.01.04.054.0, SPS_SoC-A_04.00.04.181.0, and SPS_SoC-X_04.00.04.086.0 may allow privileged user to potentially enable escalation of privilege via local access | INTEL-SA-00213 | 05/14/2019 | 04/14/2020 |
| N/A | 4.3 | Type confusion in HECI service for Intel(R) Server Platform Services Tools may allow authenticated user to potentially enable escalation of privilege via local access. | N/A | 03/04/2019 | - |
| CVE-2018-11091 | 3.8 | Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access | INTEL-SA-00233 | 05/14/2019 | 07/14/2020 |
| CVE-2018-12130 | 6.5 | Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. | INTEL-SA-00233 | 05/14/2019 | 07/14/2020 |
| CVE-2018-12127 | 6.5 | Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. | INTEL-SA-00233 | 05/14/2019 | 07/14/2020 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Intel Security Advisory (SA) | Original Date | Last Revised |
| CVE-2018-3615 | 7.3 | Systems with microprocessors utilizing speculative execution and Intel® software guard extensions (Intel® SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis. | INTEL-SA-00161 | 08/14/2018 | 09/29/2020 |
| CVE-2018-3620 | 6.5 | Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis | INTEL-SA-00161 | 08/14/2018 | 09/29/2020 |
| CVE-2018-3646 | 6.5 | Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis | INTEL-SA-00161 | 08/14/2018 | 09/29/2020 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Intel Security Advisory (SA) | Original Date | Last Revised |
| CVE-2018-3628 | 8.1 | Buffer overflow in HTTP handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker to execute arbitrary code via the same subnet | INTEL-SA-00112 | 07/10/2018 | 07/10/2018 |
| CVE-2018-3629 | 7.5 | Buffer overflow in event handler in Intel® Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x,4.x,5.x,6.x,7.x,8.x,9.x, 10.x,11.x may allow an attacker to cause a denial of service via the same subnet | INTEL-SA-00112 | 07/10/2018 | 07/10/2018 |
| CVE-2018-3632 | 6.4 | Memory corruption in Intel® Active Management Technology in Intel Converged Security Manageability Engine Firmware 6.x/7.x/8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 could be triggered by an attacker with local administrator permission on system | INTEL-SA-00112 | 07/10/2018 | 07/10/2018 |
| NA | 8.2 | Incorrect handling of memory types in Tianocore firmware potentially allows a local attacker to bypass SMM protections on memory | INTEL-SA-00159 | 07/10/2018 | 07/10/2018 |
| NA | 6.1 | Insecure handling of UEFI variables in Intel® Xeon® Scalable processors, Intel® Xeon® Processor E5 v4 Family, Intel® Xeon® Processor E5 v3 Family system firmware potentially allows a local attacker to disable security features of the platform. Intel reference firmware implemented setup options to enable/disable security features. These options are used in the validation environments to relax security when running tests in a lab environment. If used by malware on a production system, these features may result in elevation of privilege by disabling protection of the system configuration or denial of service. | INTEL-SA-00112 | 07/10/2018 | 07/10/2018 |
| NA | 7.6 | Platform sample code firmware included with 4th Gen Intel® Core™ Processor (Haswell), 5th Gen Intel® Core™ Processor (Broadwell), 6th Gen Intel® Core™ Processor (Skylake), and 7th Gen Intel® Core™ Processor (Kaby Lake) contains a logic error potentially allowing a physical attacker to bypass firmware authentication. | INTEL-SA-00152 | 07/10/2018 | 07/10/2018 |
| NA | 6.8 | Logic error in platform sample code firmware included with 4th Gen Intel® Core™ Processor (Haswell), 5th Gen Intel® Core™ Processor (Broadwell), 6th Gen Intel® Core™ Processor (Skylake), and 7th Gen Intel® Core™ Processor (Kaby Lake) potentially allows a physical attacker to exploit incorrect TPM measurement of system firmware. | INTEL-SA-00152 | 07/10/2018 | 07/10/2018 |
| CVE-2017-5704 | 7.2 | Platform sample code firmware included with 4th Gen Intel® Core™ Processor (Haswell), 5th Gen Intel® Core™ Processor (Broadwell), 6th Gen Intel® Core™ Processor (Skylake), and 7th Gen Intel® Core™ Processor (Kaby Lake) potentially exposes password information in memory to a local attacker with administrative privileges. | INTEL-SA-00160 | 07/10/2018 | 07/10/2018 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Intel Security Advisory (SA) | Original Date | Last Revised |
| CVE-2018-3639 | 4.3 | Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. | INTEL-SA-00115 | 05/21/2018 | 09/29/2020 |
| CVE-2018-3640 | 4.3 | Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis | INTEL-SA-00115 | 05/21/2018 | 09/29/2020 |
Disclosed by Google Project Zero
Variant 1 (Spectre), Variant 2 (Spectre), Variant 3 (Meltdown)
INTEL-SA-0088
Unsafe Opcodes exposed in Intel SPI based products
INTEL-SA-0087