Insyde Security Advisory 2022018
Insyde ID | Advisory Category | Impact of Vulnerability | Severity Rating | Original Date | Last Revised |
INSYDE-SA-2022018 | Software | AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H | 7.5 | 02/01/2022 | 02/01/2022 |
Summary:
A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler: the handler does not sufficiently check or validate the allocated table variable EFI_BOOT_SERVICES. An attacker who is capable of executing code in the DXE phase can exploit this vulnerability to escalate privileges to SMM. The attacker can overwrite the LocateProtocol or FreePool memory address location to execute unwanted code.
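The bug class described in the summary, as an added userspace model that is not Insyde's code and not the actual fix: a handler that dispatches through a function-pointer table in memory writable outside SMM, next to one that refuses any table not resident in SMRAM. All names are hypothetical, and SMRAM is modelled as a static struct.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy userspace model; every name below is hypothetical, not Insyde code. */
typedef int (*free_pool_fn)(void *buf);
typedef struct {
    free_pool_fn FreePool; /* stands in for EFI_BOOT_SERVICES.FreePool */
} services_table;

#define SMI_REJECTED (-1)

static int firmware_free(void *buf) { (void)buf; return 0; }
static int foreign_free(void *buf)  { (void)buf; return 99; } /* replacement target */

/* Constructed stand-in for SMRAM: memory that only SMM code can modify. */
static struct { services_table services; uint8_t pool[240]; } smram = { { firmware_free }, { 0 } };

/* Table in ordinary memory, writable by DXE-phase code. */
static services_table boot_services = { firmware_free };

/* True only if [p, p+len) lies wholly inside the modelled SMRAM. */
static int in_smram(const void *p, size_t len) {
    uintptr_t a = (uintptr_t)p, base = (uintptr_t)&smram;
    return a >= base && len <= sizeof smram && a - base <= sizeof smram - len;
}

/* Unchecked pattern: dispatches through whatever table it is handed. */
int swsmi_handler_unchecked(services_table *t, void *buf) {
    return t->FreePool(buf);
}

/* Checked pattern: refuses a table that lives outside SMRAM. */
int swsmi_handler_checked(services_table *t, void *buf) {
    if (!in_smram(t, sizeof *t)) return SMI_REJECTED;
    return t->FreePool(buf);
}

/* Models the overwrite the summary describes. */
void simulate_table_overwrite(void) { boot_services.FreePool = foreign_free; }

int main(void) {
    simulate_table_overwrite();
    printf("unchecked: %d\n", swsmi_handler_unchecked(&boot_services, NULL));
    printf("checked, boot table: %d\n", swsmi_handler_checked(&boot_services, NULL));
    printf("checked, SMRAM table: %d\n", swsmi_handler_checked(&smram.services, NULL));
    return 0;
}
```

In this model the residency check covers only the table; on real hardware the pointers stored in an SMRAM-resident table must themselves target SMRAM code.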
Vulnerability Details
This corresponds to CVE-2021-41840. It affects the driver SdHostDriver. This issue was discovered internally during an Insyde code review but was not entered as a security incident until September 17, 2021. It was independently reported by Binarly (BRLY-2021-019) in September 2021. The code that fixed the issue can be found in the following Insyde kernel versions, starting on August 28, 2020:
Kernel 5.0: not present
Kernel 5.1: not present
Kernel 5.2: 05.23.35
Kernel 5.3: 05.32.35
Kernel 5.4: 05.40.35
Kernel 5.5: not present
Acknowledgements:
Insyde Software would like to thank Binarly for reporting this issue.
Revision History:
Revision | Date | Description |
1.0 | 02/01/2022 | Initial Release |