Insyde Software Security Advisory

Insyde ID: INSYDE-SA-2021002
Advisory Category: Software
Impact of Vulnerability: Escalation of Privileges
Severity Rating: TBD
Original Date: 10/14/2021
Last Revised: 10/14/2021

Summary:

Uncontrolled input in the InsydeH2O Int15MicrosoftSmm driver to a software SMI function may allow the caller to gain elevated privileges. Fixed in different chipset-specific releases of InsydeH2O.

Vulnerability Details

CVE-2020-5955

Uncontrolled input in the InsydeH2O Int15MicrosoftSmm driver to a software SMI function may allow the caller to gain elevated privileges. Fixed in the following chipset-specific releases of InsydeH2O:

Intel Skylake: 05.04.15.0001
Intel Skylake MRD: 05.05.39.0001
Intel Kaby Lake (Client): 05.10.48.0001
Intel Greenlow/Greenlow-R (Server/Embedded): 05.12.09.0075
Intel Kaby Lake MRD: 05.11.26.0015
Intel Cannon Lake: 05.21.43.0001
Intel Coffee Lake (Client): 05.21.43.0001
Intel Mehlow/Mehlow-R (Server/Embedded): 05.23.04.0045
Intel Whiskey Lake (Client): 05.21.43.0001
Intel Whiskey Lake RVP (Server/Embedded): 05.23.45.0023
Intel Whiskey Lake/Coffee Lake: 05.23.27.0001
Intel Comet Lake (Client): 05.32.47.0001
Intel Comet Lake RVP (Server/Embedded): 05.34.09.0030
Intel Ice Lake: 05.32.30.0001
Intel Tiger Lake: 05.41.35.0001
Intel Whitley-SP: 05.42.11.0026
Intel Grantley-EP: 05.04.21.0068
Intel Elkhart Lake: 05.42.09.0003
Intel Purley-EP Refresh Neon City: 05.21.51.0040

Acknowledgements:

Insyde Software would like to thank Jiawei Yin (@yngweijw) for reporting this issue.

Revision History:

Revision  Date        Description
1.0       10/14/2021  Initial Release