Insyde Software Corporation Information for VU#631788

BIOS implementations permit unsafe SMM function calls to memory locations outside of SMRAM

Status

Not Affected

Vendor Statement

Insyde has reviewed the Insyde BIOS code and believes all Insyde systems are not vulnerable to this issue.  However to be prudent, Insyde has hardened all of the interfaces in InsydeH2O SMM handlers.

The updates were available in Tags 03.74.26 and 05.04.25 which was the 2014 work week 25 and 26 release.  The internal tracking number was IB02960648. OEM and ODM customers are advised to contact their Insyde support representative fordocumentation and assistance. End users are advised to contact the manufacturer of their equipment.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

None

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.