Insyde's Security Pledge
Insyde Security Advisory 2023003
Insyde ID | Advisory Category | Impact of Vulnerability | Severity Rating | Original Date | Last Revised |
INSYDE-SA-2023003 | Software | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 8.2 | 02/14/2023 | 02/14/2023 |
Summary:
DMA attacks on the IHISI command buffer could cause TOCTOU issues which could lead to corruption of SMRAM and escalation of privileges.
Vulnerability Details
DMA attacks on the IHISI command buffer could cause TOCTOU issues which could lead to corruption of SMRAM and escalation of privileges. This issue was discovered by Insyde engineering. This issue was fixed in the kernel versions below, which also protects chipset and OEM chipset IHISI functions:
Kernel 5.2: 05.27.37
Kernel 5.3: 05.36.37
Kernel 5.4: 05.44.45
Kernel 5.5: 05.52.45
CWE-367
Revision History:
Revision | Date | Description |
1.0 | 02/14/2023 | Initial Release |
-- | -- | -- |