Insyde Security Advisory 2022036
Insyde ID | Advisory Category | Impact of Vulnerability | Severity Rating | Original Date | Last Revised |
INSYDE-SA-2022036 | Software | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N | 5.6 | 09/30/2022 | 09/30/2022 |
Summary:
Side-channel analysis may allow unauthorized disclosure of information
Vulnerability Details
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
The original disclosure also describes issues that affect SMM when resuming to normal mode.
This issue is fixed in the following InsydeH2O versions:
Kernel 5.0, unknown (End of Support)
Kernel 5.1, unknown (End of Support)
Kernel 5.2, version 05.23.47
Kernel 5.3, version 05.32.47
Kernel 5.4, version 05.40.47
Kernel 5.5, unaffected
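One way to triage a firmware inventory against the list above, as an added example that is not Insyde's code. The function names, status labels and sample inventory are constructed, and it assumes version strings are three dotted numeric fields that order field by field.

```python
import re

# Kernel branch -> fixed version, as listed in the advisory above.
# None means "unknown (End of Support)"; "unaffected" means not affected.
FIXED = {
    "5.0": None, "5.1": None,
    "5.2": "05.23.47", "5.3": "05.32.47", "5.4": "05.40.47",
    "5.5": "unaffected",
}

def parse_version(text):
    """Return the version as a tuple of ints, or None if malformed.

    Assumption: three dotted numeric fields, compared field by field.
    """
    text = text.strip()
    if not re.fullmatch(r"\d{1,3}(\.\d{1,3}){2}", text):
        return None
    return tuple(int(part) for part in text.split("."))

def triage(branch, version):
    """Classify one (kernel branch, firmware version) pair."""
    if branch not in FIXED:
        return "UNKNOWN_BRANCH"        # branch not covered by the advisory
    fixed = FIXED[branch]
    if fixed == "unaffected":
        return "UNAFFECTED"
    if fixed is None:
        return "NO_FIX_LISTED_EOS"     # advisory lists no fixed version
    have = parse_version(version)
    if have is None:
        return "UNPARSEABLE_VERSION"   # flag for manual review, do not guess
    return "FIXED" if have >= parse_version(fixed) else "NEEDS_UPDATE"

def triage_inventory(rows):
    """rows: iterable of (host, branch, version); returns {host: status}."""
    return {host: triage(branch, version) for host, branch, version in rows}

# Constructed inventory for illustration; not data from the advisory.
SAMPLE = [
    ("host-a", "5.2", "05.23.46"),
    ("host-b", "5.3", "05.32.47"),
    ("host-c", "5.1", "05.12.30"),
    ("host-d", "5.5", "05.50.01"),
    ("host-e", "5.4", "n/a"),
]

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host}: {status}")
```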
Acknowledgements
This issue was described by the Binarly efiXplorer team (https://www.binarly.io/advisories/BRLY-2022-028).
Revision History:
Revision | Date | Description |
1.0 | 09/30/2022 | Initial Release |