INSYDE-SA-2025008

Product: InsydeH2O
CVSS Score: 7
Original Date: 2025-09-04
Last Revised:

Summary

[EDK2] Unsafe handling of IDT register on SMM entry allows arbitrary code execution with System Management Mode (SMM) privileges.

Vulnerability Details

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2025-3770

Description: A security issue has been identified in the SMM environment on some products. On entering SMM with certain CPUs, microcode leaves IDT.limit unchanged. As a result, unexpected exceptions that occur before SMM reloads the IDT are delivered to an untrusted interrupt handler, allowing privilege escalation into SMM. One possible source of these exceptions is a machine check exception that arrives in SMM. The suggested fix is to delay enabling Machine Check Exceptions in SMM until after the SMM IDT has been reloaded.
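
The ordering problem described above, as a small C model added here for illustration (it is not Insyde or EDK2 code): it replays an SMI entry sequence and reports the first step after which a machine check would be delivered through the IDT left over from before the SMI. The step names, the `cpu_t` state and the starting condition (MCE disabled at SMI entry) are assumptions of the model, and it covers only machine checks, which the advisory names as one possible exception source.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Steps of a modelled SMI entry stub (names are hypothetical). */
typedef enum { STEP_OTHER, STEP_ENABLE_MCE, STEP_LOAD_SMM_IDT } step_t;

typedef enum { MC_SHUTDOWN, MC_UNTRUSTED_HANDLER, MC_SMM_HANDLER } outcome_t;

typedef struct {
    bool mce_enabled;    /* models CR4.MCE */
    bool smm_idt_loaded; /* false: IDTR still describes the pre-SMI IDT */
} cpu_t;

/* Where a machine check arriving in this state is delivered. */
static outcome_t machine_check_outcome(const cpu_t *c)
{
    if (!c->mce_enabled)
        return MC_SHUTDOWN; /* x86: #MC with CR4.MCE clear shuts the CPU down */
    return c->smm_idt_loaded ? MC_SMM_HANDLER : MC_UNTRUSTED_HANDLER;
}

/* Returns the index of the first step after which a machine check would
 * vector through the stale IDT, or -1 if the ordering is safe. */
int first_unsafe_step(const step_t *seq, size_t n)
{
    cpu_t c = { false, false }; /* model assumption: MCE is off at SMI entry */
    for (size_t i = 0; i < n; i++) {
        if (seq[i] == STEP_ENABLE_MCE)   c.mce_enabled = true;
        if (seq[i] == STEP_LOAD_SMM_IDT) c.smm_idt_loaded = true;
        if (machine_check_outcome(&c) == MC_UNTRUSTED_HANDLER)
            return (int)i;
    }
    return -1;
}

/* Constructed sample orderings: MCE enabled before the IDT reload, and the suggested fix. */
static const step_t ORDER_VULNERABLE[] = { STEP_OTHER, STEP_ENABLE_MCE, STEP_LOAD_SMM_IDT };
static const step_t ORDER_FIXED[]      = { STEP_OTHER, STEP_LOAD_SMM_IDT, STEP_ENABLE_MCE };

int main(void)
{
    printf("vulnerable ordering: unsafe after step %d\n", first_unsafe_step(ORDER_VULNERABLE, 3));
    printf("fixed ordering:      unsafe after step %d\n", first_unsafe_step(ORDER_FIXED, 3));
    return 0;
}
```
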

Solution Information

Kernel 5.2, Version 05.2A.31
Kernel 5.3, Version 05.39.31
Kernel 5.4, Version 05.47.31
Kernel 5.5, Version 05.55.31
Kernel 5.6, Version 05.62.31
Kernel 5.7, Version 05.71.31

Acknowledgements

Revision History

Revision #: 1
Date: 2025-09-04
Description: Initial Release