Insyde's Security Pledge
Recent Security Advisories
INSYDE-SA-2023009
Product
CVSS Score
Original Date
Last Revised
InsydeH2O
8.2
2023-02-14
Summary
DMA attacks on the FvbServicesRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU issues which could lead to corruption of SMRAM and escalation of privileges.
Vulnerability Details
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
DMA attacks on the FvbServicesRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU issues which could lead to corruption of SMRAM and escalation of privileges. This issue was discovered by Insyde engineering.
Solution Information
This issue was fixed in the kernel versions below:
Kernel 5.2: 05.27.27
Kernel 5.3: 05.36.27
Kernel 5.4: 05.44.27
Kernel 5.5: 05.52.27
CWE-367
Acknowledgements
Revision History
Revision #
Date
Description
1
2023-02-14
Initial Release