INSYDE-SA-2022060

Product

CVSS Score

Original Date

Last Revised

InsydeH2O

7.5

2022-11-14

Summary

Incorrect pointer checks within the FwBlockServiceSmm driver can allow arbitrary RAM modifications.

Vulnerability Details

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2022-29277

A review of the FwBlockServiceSmm driver found that certain instances of SpiAccessLib could be tricked into writing 0xff to arbitrary system and SMRAM addresses. Fixed in:

Solution Information

Server/Embedded Platforms:

Intel
Purley-R: 05.21.51.0048
Whitley: 05.42.23.0066
Cedar Island: 05.42.11.0021
Eagle Stream: 05.44.25.0052
Greenlow/Greenlow-R (Skylake/Kabylake): Trunk
Mehlow/Mehlow-R (CoffeeLake-S): Trunk
Tatlow (RKL-S): Trunk
Denverton: 05.10.12.0042
Snow Ridge: Trunk
Grangeville DE: 05.05.15.0038
Grangeville DE NS: 05.27.26.0023
Bakerville: 05.21.51.0026
Idaville: 05.44.27.0030
Whiskey Lake: Trunk
Comet Lake-S: Trunk
Tiger Lake H/UP3: 05.43.12.0052
Alder Lake: 05.44.23.0047
Gemini Lake: Not Affected
Apollo Lake: Not Affected
Elkhart Lake: 05.44.30.0018

AMD
ROME: Trunk
MILAN: 05.36.10.0017
GENOA: 05.52.25.0006
Snowy Owl: Trunk
R1000: 05.32.50.0018
R2000: 05.44.30.0005
V2000: Trunk
Ryzen 5000: 05.44.30.0004
Embedded ROME: Trunk
Embedded MILAN: Trunk

Hygon
Hygon #1/#2: 05.36.26.0016
Hygon #3: 05.44.26.0007

Mobile/Client Platforms

Intel:
Tiger Lake: 05.43.12.0053
Jasper Lake: 05.43.01.0024
Rocket Lake: 05.42.52.0025
Alder Lake: 05.44.34.0052
Alder Lake: 05.44.34.0012
Raptor Lake: 05.44.34.0019

AMD:
Renoir AM4: 05.42.23.0013
Vermeer AM4: 05.42.23.0013
Cezanne AM4: 05.42.38.0020
Cezanne FP6: 05.42.37.0028
Lucienne FP6: 05.42.37.0028
Barcelo FP6: 05.42.37.0028
Rembrandt FP7: 05.44.30.0018
Mendocino FT6: 05.52.28.0008
Raphael AM5: 05.52.32.0007
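
Added example for the Vulnerability Details above, not Insyde's code and not taken from the advisory: the kind of range check an SMM handler needs before writing to a caller-supplied address, shown next to a start-address-only check for contrast. The advisory does not say how the FwBlockServiceSmm checks were incorrect; the SMRAM range, function names and sample requests below are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed SMRAM map; real firmware obtains the ranges from the platform. */
typedef struct { uint64_t base, size; } range_t;
static const range_t smram[] = { { 0x7F000000ULL, 0x00800000ULL } };
#define N_SMRAM (sizeof smram / sizeof smram[0])

/* Contrast case (hypothetical): inspects only the first byte of the buffer. */
bool start_only_check(uint64_t addr, uint64_t len)
{
    (void)len;
    for (size_t i = 0; i < N_SMRAM; i++)
        if (addr >= smram[i].base && addr - smram[i].base < smram[i].size)
            return false;
    return true;
}

/* Full check: reject empty requests, address wrap-around, and any overlap
 * of [addr, addr+len) with an SMRAM range. */
bool range_outside_smram(uint64_t addr, uint64_t len)
{
    if (len == 0) return false;                        /* nothing to write */
    if (addr > UINT64_MAX - (len - 1)) return false;   /* addr+len-1 wraps */
    uint64_t last = addr + (len - 1);
    for (size_t i = 0; i < N_SMRAM; i++) {
        uint64_t s_last = smram[i].base + (smram[i].size - 1);
        if (addr <= s_last && last >= smram[i].base)
            return false;                              /* overlaps SMRAM */
    }
    return true;
}

int main(void)
{
    /* Constructed requests: below SMRAM, straddling it, wrapping, inside it. */
    const struct { uint64_t a, l; } req[] = {
        { 0x7EFFF000ULL, 0x1000 }, { 0x7EFFF000ULL, 0x1001 },
        { 0xFFFFFFFFFFFFF000ULL, 0x2000 }, { 0x7F100000ULL, 16 },
    };
    for (size_t i = 0; i < sizeof req / sizeof req[0]; i++)
        printf("%#llx+%#llx start_only=%d full=%d\n",
               (unsigned long long)req[i].a, (unsigned long long)req[i].l,
               start_only_check(req[i].a, req[i].l),
               range_outside_smram(req[i].a, req[i].l));
    return 0;
}
```

The straddling and wrapping requests pass the start-only check but are rejected by the full range check, which is why the length and the end address have to be part of the validation.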

Acknowledgements

Revision History

Revision #: 1
Date: 2022-11-14
Description: Initial Release