Insyde's Security Pledge
Recent Security Advisories

INSYDE-SA-2022044
Product
CVSS Score
Original Date
Last Revised
InsydeH2O
7.5
2022-11-08
Summary
DMA transactions which are targeted at input buffers used for the software SMI handler used by the FvbServicesRuntimeDxe driver could cause SMRAM corruption (a TOCTOU attack).
Vulnerability Details
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
DMA transactions which are targeted at input buffers used for the software SMI handler used by the FvbServicesRuntimeDxe driver could cause SMRAM corruption. This issue was discovered by Insyde engineering based on the general description provided by Intel’s iSTARE group.
Solution Information
Kernel 5.2: 05.27.21
Kernel 5.3: 05.36.21
Kernel 5.4: 05.44.21
Kernel 5.5: 05.52.21
Acknowledgements
Revision History
Revision #
Date
Description
1
2022-11-08
Initial Release