Insyde's Security Pledge
Insyde Security Advisory 2023007
| Insyde ID | Advisory Category | Impact of Vulnerability | Severity Rating | Original Date | Last Revised |
| INSYDE-SA-2023007 | Software | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 8.2 | 02/14/2023 | 02/14/2023 |
Summary:
DMA attacks on the VariableRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU issues which could lead to corruption of SMRAM and escalation of privileges.
Vulnerability Details
DMA attacks on the VariableRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU issues which could lead to corruption of SMRAM and escalation of privileges. The issue was discovered by Insyde engineering. This version was fixed in the kernel versions below.
Kernel 5.2: 05.27.33
Kernel 5.3: 05.36.33
Kernel 5.4: 05.44.29
Kernel 5.5: 05.52.29
Revision History:
| Revision | Date | Description |
| 1.0 | 02/14/2023 | Initial Release |
| -- | -- | -- |