Insyde's Security Pledge

Recent Security Advisories

INSYDE-SA-2023055

Product

CVSS Score

Original Date

Last Revised

InsydeH2O

5.3

2023-10-31

Summary

CsmInt10HookSmm: SMM memory corruption vulnerability in SMM driver (SMRAM write).

Vulnerability Details

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N

CVE-2023-39283
BRLY-2023-004

SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Solution Information

Intel Mobile Platforms
Raptor Lake: Version 05.44.23.0010
Alder Lake: Version 05.44.20.0045

Acknowledgements

Thanks to the BINARLY efiXplorer team, 3rd party researchers, for reporting the vulnerability and engaging in this coordinated disclosure.

Revision History

Revision #

Date

Description

2023-10-31

Initial Release

< Back to Security Pledge