Insyde's Security Pledge
Insyde Security Advisory 2023020
Insyde ID | Advisory Category | Impact of Vulnerability | Severity Rating | Original Date | Last Revised |
INSYDE-SA-2023020 | Software | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L | 7.9 | 04/10/2023 | 04/10/2023 |
Summary:
ChipsetSvcSmm: insufficient Input Validation In BIOS Guard Updates
Vulnerability Details
An attacker can induce memory corruption in SMM by supplying malformed inputs to the BIOS Guard SMI handler.
Intel Mobile platforms:
RPL: Version 05.44.45.0028
ADL-N: Version 05.44.45.0015
ADL: Version 05.44.34.0054
RKL: Version 05.42.52.0026
TGL: Version 05.43.12.0056
JSL: Version 05.43.01.0026
Intel Server/Embedded platforms:
Greenlow-R Server : Trunk
Greenlow-R Workstation / Kaby Lake RVP : Trunk
Mehlow/Mehlow-R(CFL-S) : Trunk
Tatlow (RKS) : Trunk
WhiskeyLake : Trunk
CometLake-S : Trunk
TigerLake UP3/H : Trunk
AlderLake : Version 05.44.23.0047
Alder Lake N : Trunk
AMD platforms: Unaffected
Acknowledgements
Insyde Software would like to thank Jeremy Boone (@uffeux) of the NCC Group for reporting the vulnerability and engaging in this coordinated disclosure.
Revision History:
Revision | Date | Description |
1.0 | 04/10/2023 | Initial Release |
-- | -- | -- |