Insyde Security Advisory 2023055

Insyde ID Advisory Category Impact of Vulnerability Severity Rating Original Date Last Revised
INSYDE-SA-2023055 Software CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N 5.3 10/31/2023 10/31/2023

Summary:

CsmInt10HookSmm: SMM memory corruption vulnerability in SMM driver (SMRAM write).

Vulnerability Details:

CVE-2023-39283
BRLY-2023-004

SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Solution Information:

Intel Mobile Platforms
Raptor Lake: Version 05.44.23.0010
Alder Lake: Version 05.44.20.0045

Acknowledgements:

Thanks to the BINARLY efiXplorer team, 3rd party researchers, for reporting the vulnerability and engaging in this coordinated disclosure.

Revision History:

Revision Date Description
1.0 10/31/2023 Initial Release
-- -- --

Return to Insyde's Security Pledge