Insyde's Security Pledge

IhisiServicesSmm: Arbitrary calls to SetVariable with unsanitized arguments in SMI handler.

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N

CVE-2023-39284
BRLY-2023-005

SMI handler that passes attacker controlled arguments to SmmSetVariable() without any sort of filtering/sanitization.

kernel 5.2: Version 05.28.33
kernel 5.3: Version 05.37.33
kernel 5.4: Version 05.45.33
kernel 5.5: Version 05.53.33
kernel 5.6: Version 05.60.33

Thanks to the BINARLY efiXplorer team, 3rd party researchers, for reporting the vulnerability and engaging in this coordinated disclosure.