Intel Corporation Information for VU#631788

BIOS implementations permit unsafe SMM function calls to memory locations outside of SMRAM

Status

Not Affected

Vendor Statement

This class of vulnerabilities redirects SMM code to execute instructions
outside SMRAM, and we often refer to them as "SMM Call-Out Vulnerabilities".
Intel is not currently aware of SMM call-out vulnerabilities in our supported
products.  In addition, the following mitigation may be relevant to the
discussion of these vulnerabilities.

Starting in Haswell-based client and server platforms, the "SMM Code Access
Check" feature is available in the CPU. If SMM code enables this in the
appropriate MSR, then logical processors are prevented from executing SMM code
outside the ranges defined by the SMRR. If SMI code jumps outside these ranges,
the CPU will assert a machine check exception. During BIOS development, this
can be an effective mechanism for BIOS developers to identify insecure
call-outs from SMM, and during runtime, this feature can also be effective at
blocking certain attacks that redirect SMM execution outside SMRAM.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

None

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.