Insyde's Security Pledge

Recent Security Advisories

Security Advisory Archives

BIOS & BMC

Link
Summary
CVSS Score
INSYDE-SA-2022021A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution.
8.2
Link
Summary
CVSS Score
INSYDE-SA-2022020A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated table variable EFI_BOOT_SERVICES. This can be used by an attacker to overwrite address location of any of the functions (FreePool,LocateHandleBuffer,HandleProtocol) to the address location of arbitrary code controlled by the attacker. On system call to SWSMI handler, the arbitrary code can be triggered to execute.
8.2
Link
Summary
CVSS Score
INSYDE-SA-2022019A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated table variables EFI_BOOT_SERVICES and EFI_RUNTIME_SERVICES. This can be used by an attacker to overwrite address location of the function (LocateHandleBuffer) to the address location of arbitrary code controlled by the attacker. On system call to SWSMI handler, the arbitrary code can be triggered to execute.
8.2
Link
Summary
CVSS Score
INSYDE-SA-2022018A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated table variable EFI_BOOT_SERVICES. This allows an attacker who is capable of executing code in DXE phase to exploit this vulnerability to escalate privileges to SMM. The attacker can overwrite the LocateProtocol or Freepool memory address location to execute unwanted code .
7.5
Link
Summary
CVSS Score
INSYDE-SA-2022017A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT (EFI_RUNTIME_SERVICES) pointer to call a GetVariable service, which is located outside of SMRAM. This can result in code execution in SMM (escalating privilege from ring 0 to ring -2).
7.5
Link
Summary
CVSS Score
INSYDE-SA-2022016SMM callout vulnerability allowing a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.
8.2
Link
Summary
CVSS Score
INSYDE-SA-2022015SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
7.5
Link
Summary
CVSS Score
INSYDE-SA-2022014SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
7.5
Link
Summary
CVSS Score
INSYDE-SA-2022013SMM callout vulnerability allowing a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.
8.2
Link
Summary
CVSS Score
INSYDE-SA-2022012SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
7.5
Link
Summary
CVSS Score
INSYDE-SA-2022011SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
7.5
Link
Summary
CVSS Score
INSYDE-SA-2022010SMM callout vulnerability allowing a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.
8.2
Back to Security Pledge