Insyde Security Advisory 2023022

Insyde ID Advisory Category Impact of Vulnerability Severity Rating Original Date Last Revised
INSYDE-SA-2023022 Software CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:L 6.4 04/10/2023 04/10/2023


IhisiServicesSmm: Save State Register Not Checked Before Use

Vulnerability Details


Due to insufficient input validation, an attacker can corrupt SMRAM.

Intel Mobile platforms:

RPL: Version
ADL-N: Version
ADL: Version
RKL: Version
TGL: Version
JSL: Version

Intel Server/Embedded platforms:

Mehlow/Mehlow-R(CFL-S) : Version
Tatlow (RKS) :Version
WhiskeyLake : Version
CometLake-S : Version
TigerLake UP3/H : Version
AlderLake : Version
ElkhartLake : Version
Alder Lake N : Version

AMD platforms:

ROME : Trunk
MILAN : Version
GENOA : Master
Ryzen 5000 : IB20080004 @ Trunk
EmbROME : IB06170334 @ Trunk
EmbMILAN : IB06170335 @ Trunk


Insyde Software would like to thank Jeremy Boone (@uffeux) of the NCC Group for reporting the vulnerability and engaging in this coordinated disclosure.

Revision History:

Revision Date Description
1.0 04/10/2023 Initial Release
-- -- --

Return to Insyde's Security Pledge