Jeremy Boone

Nome do software vulnerável e versões afetadas: Firmware UEFI da Intel (versões afetadas não especificadas) Descrição: O problema está relacionado a uma gravação fora dos limites no firmware UEFI de alguns processadores Intel. Isso poderia permitir que um usuário com privilégios potencialmente conseguisse escalar privilégios por meio de acesso local. Recomendações: No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

Nome do software vulnerável e versões afetadas: Processadores Intel(R) (versões afetadas não especificadas) Descrição: O problema está relacionado a uma desreferência de ponteiro NULL no firmware UEFI de alguns processadores Intel(R). Isso pode permitir que um usuário com privilégios potencialmente consiga escalar privilégios por meio de acesso local. A vulnerabilidade está associada a erros na desreferência de ponteiros, que podem ser explorados por um invasor para elevar seus privilégios. Recomendações: No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

Nome do software vulnerável e versões afetadas: Firmware UEFI da Intel (versões afetadas não especificadas) Descrição: O problema está relacionado a uma leitura fora dos limites no firmware UEFI de alguns processadores Intel. Isso pode permitir que um usuário com privilégios cause uma negação de serviço por meio de acesso local. Recomendações: No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Processors (affected versions not specified) **Description** The issue is related to an out-of-bounds read in the BIOS firmware for some Intel(R) Processors. This may allow an authenticated user to potentially enable escalation of privilege via adjacent access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Processors (affected versions not specified) **Description** The issue is related to insufficient validation of user input in the BIOS firmware for some Intel processors. This may allow a privileged user to potentially enable escalation of privilege via adjacent access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Insyde InsydeH2O with kernel 5.0 through 5.5 **Description** An issue was discovered due to insufficient input validation, allowing an attacker to tamper with a runtime-accessible EFI variable. This can cause a dynamic BAR setting to overlap SMRAM. **Recommendations** For Insyde InsydeH2O with kernel 5.0 through 5.5, consider restricting access to runtime-accessible EFI variables to prevent tampering until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** InsydeH2O versions prior to 01.01.04.0016 **Description** An issue was discovered where a malicious operating system can tamper with a runtime-writable EFI variable, leading to out-of-bounds memory reads and a denial of service. **Recommendations** For versions prior to 01.01.04.0016, update to version 01.01.04.0016 to resolve the issue. As a temporary workaround, consider restricting access to runtime-writable EFI variables to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Insyde InsydeH2O versions 5.2 through 5.5 **Description** An issue was discovered in Insyde InsydeH2O where the Save State register is not checked before use. The IhisiSmm driver does not check the value of a save state register before use. Due to insufficient input validation, an attacker can corrupt SMRAM. **Recommendations** For versions 5.2 through 5.5, as a temporary workaround, consider restricting access to the IhisiSmm driver until a patch is available. Additionally, avoid using the Save State register in sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Insyde InsydeH2O with kernel versions 5.0 through 5.5 **Description** An issue was discovered in IhisiSmm that allows writing to an attacker-controlled address. This can be achieved by invoking an SMI handler with a malformed pointer in `RCX` that overlaps SMRAM, resulting in SMM memory corruption. **Recommendations** For versions 5.0 through 5.5, consider disabling the SMI handler invocation with a malformed pointer in `RCX` to minimize the risk of SMM memory corruption until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Insyde InsydeH2O with kernel versions 5.0 through 5.5 **Description** An issue was discovered in IhisiSmm that may corrupt SMRAM. An attacker can pass an address in the `RCX` save state register that overlaps SMRAM, coercing an IHISI subfunction handler to overwrite private SMRAM. The vulnerability is related to errors in state management and can be exploited by a remote attacker to cause a denial of service. **Recommendations** For Insyde InsydeH2O with kernel versions 5.0 through 5.5, consider disabling the IHISI subfunction execution as a temporary workaround until a patch is available. Restrict access to the SMRAM to minimize the risk of exploitation. Avoid using the `RCX` save state register in the affected kernel versions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** InsydeH2O versions 5.0 through 5.5 **Description** The issue is related to insufficient input validation in BIOS Guard updates, which can lead to memory corruption in SMM. An attacker can exploit this by supplying malformed inputs to the BIOS Guard SMI handler, potentially causing damage to memory. **Recommendations** For versions 5.0 through 5.5, consider restricting access to the BIOS Guard SMI handler to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid supplying malformed inputs to the BIOS Guard SMI handler. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** InsydeH2O versions 5.0 through 5.5 **Description** The issue is related to the IhisiSmm component in the InsydeH2O UEFI firmware framework. It involves a buffer overflow in memory, which can be exploited by a malicious host OS invoking an Insyde SMI handler with malformed arguments. This results in memory corruption in SMM and potentially allows an attacker to execute arbitrary code. **Recommendations** For versions 5.0 through 5.5, consider disabling the Insyde SMI handler as a temporary workaround until a patch is available. Restrict access to the IhisiSmm component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Integrated Sensor Solution versions prior to 5.4.2.4579v3 Intel(R) Integrated Sensor Solution versions prior to 5.4.1.4479 Intel(R) Integrated Sensor Solution versions prior to 5.0.0.4143 **Description** The issue is an out-of-bounds read in the firmware for the Intel(R) Integrated Sensor Solution. This may allow a privileged user to potentially enable denial of service via local access. **Recommendations** For versions prior to 5.4.2.4579v3, update to version 5.4.2.4579v3 or later. For versions prior to 5.4.1.4479, update to version 5.4.1.4479 or later. For versions prior to 5.0.0.4143, update to version 5.0.0.4143 or later.