Insyde Security Advisory 2023020

Insyde ID Advisory Category Impact of Vulnerability Severity Rating Original Date Last Revised
INSYDE-SA-2023020 Software CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L 7.9 04/10/2023 04/10/2023


ChipsetSvcSmm: insufficient Input Validation In BIOS Guard Updates

Vulnerability Details


An attacker can induce memory corruption in SMM by supplying malformed inputs to the BIOS Guard SMI handler.

Intel Mobile platforms:

RPL: Version
ADL-N: Version
ADL: Version
RKL: Version
TGL: Version
JSL: Version

Intel Server/Embedded platforms:

Greenlow-R Server : Trunk
Greenlow-R Workstation / Kaby Lake RVP : Trunk
Mehlow/Mehlow-R(CFL-S) : Trunk
Tatlow (RKS) : Trunk
WhiskeyLake : Trunk
CometLake-S : Trunk
TigerLake UP3/H : Trunk
AlderLake : Version
Alder Lake N : Trunk

AMD platforms: Unaffected


Insyde Software would like to thank Jeremy Boone (@uffeux) of the NCC Group for reporting the vulnerability and engaging in this coordinated disclosure.

Revision History:

Revision Date Description
1.0 04/10/2023 Initial Release
-- -- --

Return to Insyde's Security Pledge