Insyde's Security Pledge
Insyde Security Advisory 2023021
|Insyde ID||Advisory Category||Impact of Vulnerability||Severity Rating||Original Date||Last Revised|
IhisiServicesSmm: IHISI Subfunction Execution May Corrupt SMRAM.
An attacker can pass an address in the RCX save state register that overlaps SMRAM, thereby coercing an IHISI subfunction handler to overwrite private SMRAM.
Kernel 5.3: Version 05.37.03
Kernel 5.4: Version 05.45.01
Kernel 5.5: Version 05.53.01
Insyde Software would like to thank Jeremy Boone (@uffeux) of the NCC Group for reporting the vulnerability and engaging in this coordinated disclosure.