Insyde Security Advisory 2022060
Insyde ID | Advisory Category | Impact of Vulnerability | Severity Rating | Original Date | Last Revised |
INSYDE-SA-2022060 | Software | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H | 7.5 | 11/14/2022 | 12/07/2022 |
Summary:
Incorrect pointer checks within the FwBlockServiceSmm driver can allow arbitrary RAM modifications.
Vulnerability Details
A review of the FwBlockServiceSmm driver found that certain instances of SpiAccessLib could be tricked into writing 0xff to arbitrary system and SMRAM addresses.
Fixed in:
Server/Embedded Platforms:
Intel
Purley-R: 05.21.51.0048
Whitley: 05.42.23.0066
Cedar Island: 05.42.11.0021
Eagle Stream: 05.44.25.0052
Greenlow/Greenlow-R (Skylake/Kaby Lake): Trunk
Mehlow/Mehlow-R (Coffee Lake-S): Trunk
Tatlow (RKL-S): Trunk
Denverton: 05.10.12.0042
Snow Ridge: Trunk
Grangeville DE: 05.05.15.0038
Grangeville DE NS: 05.27.26.0023
Bakerville: 05.21.51.0026
Idaville: 05.44.27.0030
Whiskey Lake: Trunk
Comet Lake-S: Trunk
Tiger Lake H/UP3: 05.43.12.0052
Alder Lake: 05.44.23.0047
Gemini Lake: Not Affected
Apollo Lake: Not Affected
Elkhart Lake: 05.44.30.0018
AMD
ROME: Trunk
MILAN: 05.36.10.0017
GENOA: 05.52.25.0006
Snowy Owl: Trunk
R1000: 05.32.50.0018
R2000: 05.44.30.0005
V2000: Trunk
Ryzen 5000: 05.44.30.0004
Embedded ROME: Trunk
Embedded MILAN: Trunk
Hygon
Hygon #1/#2: 05.36.26.0016
Hygon #3: 05.44.26.0007
Mobile/Client Platforms
Intel:
Tiger Lake: 05.43.12.0053
Jasper Lake: 05.43.01.0024
Rocket Lake: 05.42.52.0025
Alder Lake: 05.44.34.0052
Alder Lake: 05.44.34.0012
Raptor Lake: 05.44.34.0019
AMD:
Renoir AM4: 05.42.23.0013
Vermeer AM4: 05.42.23.0013
Cezanne AM4: 05.42.38.0020
Cezanne FP6: 05.42.37.0028
Lucienne FP6: 05.42.37.0028
Barcelo FP6: 05.42.37.0028
Rembrandt FP7: 05.44.30.0018
Mendocino FT6: 05.52.28.0008
Raphael AM5: 05.52.32.0007
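Added illustration of the pointer-check class named under Vulnerability Details; this is not Insyde's code, and the advisory does not publish the flawed check. It shows a generic range check of the kind an SMI handler needs before writing to a caller-supplied address, next to a weak form that an integer wraparound defeats. The address map and all function names are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed address map for illustration; real values are platform-specific. */
typedef struct { uint64_t base, size; } region_t;
static const region_t SMRAM = { 0x7F000000ULL, 0x01000000ULL }; /* hypothetical */
static const region_t FLASH = { 0xFF000000ULL, 0x01000000ULL }; /* hypothetical */

/* Weak form: addr + len can wrap past 2^64, so a huge addr passes. */
bool weak_check(uint64_t addr, uint64_t len)
{
    return addr >= FLASH.base && addr + len <= FLASH.base + FLASH.size;
}

/* True when [addr, addr+len) lies wholly inside r; written without addr + len. */
static bool range_inside(uint64_t addr, uint64_t len, const region_t *r)
{
    if (len == 0 || len > r->size || addr < r->base) return false;
    return addr - r->base <= r->size - len;
}

/* True when [addr, addr+len) touches r; a wrapping range counts as a hit. */
static bool range_overlaps(uint64_t addr, uint64_t len, const region_t *r)
{
    if (len == 0) return false;
    if (addr > UINT64_MAX - (len - 1)) return true;
    return addr <= r->base + (r->size - 1) && addr + (len - 1) >= r->base;
}

/* Strict form: destination must sit in the flash window and never in SMRAM. */
bool strict_check(uint64_t addr, uint64_t len)
{
    return range_inside(addr, len, &FLASH) && !range_overlaps(addr, len, &SMRAM);
}

int main(void)
{
    uint64_t wrap = 0xFFFFFFFFFFFFFFF0ULL; /* constructed hostile input */
    printf("in-window erase : weak=%d strict=%d\n",
           weak_check(0xFF001000ULL, 0x1000), strict_check(0xFF001000ULL, 0x1000));
    printf("wrapping range  : weak=%d strict=%d\n",
           weak_check(wrap, 0x20), strict_check(wrap, 0x20));
    printf("SMRAM address   : weak=%d strict=%d\n",
           weak_check(SMRAM.base, 0x10), strict_check(SMRAM.base, 0x10));
    return 0;
}
```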
Revision History:
Revision | Date | Description |
1.0 | 11/14/2022 | Initial Release |
1.1 | 12/07/2022 | Added Mobile/Client platforms |