Insyde's Security Pledge
Insyde Security Advisory 2023035
Insyde ID | Advisory Category | Impact of Vulnerability | Severity Rating | Original Date | Last Revised |
INSYDE-SA-2023035 | Software | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:L | 6.4 | 05/05/2023 | 05/05/2023 |
Summary:
Insufficient TSEG Overlap Checks.
Vulnerability Details
Due to insufficient input validation, an attacker can tamper with a runtime-accessible EFI variable to cause a dynamic BAR setting to overlap SMRAM.
Intel Mobile Platforms:
RapterLake: Version 05.45.02.0028
AlderLake-N: Version 05.44.45.0015
AlderLake: Version 05.44.34.0053
RocketLake: Version 05.42.52.0027
TigerLake: Version 05.43.12.0057
JasperLake: Version 05.43.01.0026
Acknowledgements
Insyde Software would like to thank Jeremy Boone (@uffeux) of the NCC Group for reporting the vulnerability and engaging in this coordinated disclosure.
Revision History:
Revision | Date | Description |
1.0 | 05/05/2023 | Initial Release |
-- | -- | -- |