Insyde's Security Pledge
Insyde Security Advisory 2023021
Insyde ID | Advisory Category | Impact of Vulnerability | Severity Rating | Original Date | Last Revised |
INSYDE-SA-2023021 | Software | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:L | 6.4 | 04/10/2023 | 04/10/2023 |
Summary:
IhisiServicesSmm: IHISI Subfunction Execution May Corrupt SMRAM.
Vulnerability Details
An attacker can pass an address in the RCX save state register that overlaps SMRAM, thereby coercing an IHISI subfunction handler to overwrite private SMRAM.
Kernel 5.3: Version 05.37.03
Kernel 5.4: Version 05.45.01
Kernel 5.5: Version 05.53.01
Acknowledgements
Insyde Software would like to thank Jeremy Boone (@uffeux) of the NCC Group for reporting the vulnerability and engaging in this coordinated disclosure.
Revision History:
Revision | Date | Description |
1.0 | 04/10/2023 | Initial Release |
-- | -- | -- |