Multiple BIOS implementations permit unsafe System Management Mode (SMM) function calls to memory locations outside of SMRAM. According to Corey Kallenberg of LegbaCore:
System Management Mode (SMM) is the most privileged execution mode on the x86 processor. Non-SMM code can neither read nor write SMRAM (SMM RAM). Hence, even a ring 0 level attacker should be unable to gain access to SMM.
A local, authenticated attacker may be able to execute arbitrary code in the context of SMM and bypass Secure Boot. In systems that do not use protected range registers, an attacker may be able to reflash firmware.
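The invariant behind this note is that code running in SMM must only call targets that lie inside SMRAM, and a firmware reviewer can express that as a range check over the call targets an SMI handler uses. The following is an added example, not code from CERT/CC, LegbaCore or any vendor; the `smram_range` type, the function names and every address in it are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical SMRAM window; real firmware would take it from the locked chipset range. */
typedef struct { uint64_t base; uint64_t size; } smram_range;

/* True only if [addr, addr+len) lies entirely inside SMRAM.
 * Never computes addr+len, so an oversized len cannot wrap around. */
bool in_smram(const smram_range *r, uint64_t addr, uint64_t len)
{
    if (len == 0 || len > r->size) return false;
    if (addr < r->base) return false;
    return (addr - r->base) <= (r->size - len);
}

/* Audit the call targets used by an SMI handler. Returns how many point
 * outside SMRAM; *first_bad gets the first offending index, or -1. */
size_t audit_call_targets(const smram_range *r, const uint64_t *targets,
                          size_t count, long *first_bad)
{
    size_t bad = 0;
    *first_bad = -1;
    for (size_t i = 0; i < count; i++) {
        if (!in_smram(r, targets[i], 1)) {  /* at least the first byte */
            if (bad == 0) *first_bad = (long)i;
            bad++;
        }
    }
    return bad;
}

/* Constructed sample values, not taken from any real platform. */
static const smram_range SAMPLE_SMRAM = { 0x7F000000ULL, 0x00800000ULL };
static const uint64_t SAMPLE_TARGETS[] = {
    0x7F001000ULL,  /* inside SMRAM */
    0x7F7FFFFFULL,  /* last byte of SMRAM */
    0x7F800000ULL,  /* first byte past the end of SMRAM */
    0x000F0000ULL,  /* low memory, outside SMRAM */
};

int main(void)
{
    long first;
    size_t n = sizeof SAMPLE_TARGETS / sizeof SAMPLE_TARGETS[0];
    size_t bad = audit_call_targets(&SAMPLE_SMRAM, SAMPLE_TARGETS, n, &first);
    printf("%zu target(s) outside SMRAM, first at index %ld\n", bad, first);
    return bad ? 1 : 0;
}
```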
Please see the Vendor Information section below to determine if your system may be affected. We are continuing to communicate with vendors as they investigate these vulnerabilities.
|Vendor|Status|
|---|---|
|Dell Computer Corporation, Inc.|Affected|
|Hewlett-Packard Company|Affected|
|American Megatrends Incorporated (AMI)|Not Affected|
|IBM Corporation|Not Affected|
|Insyde Software Corporation|Not Affected|
|Intel Corporation|Not Affected|
|AsusTek Computer Inc.|Unknown|
|Phoenix Technologies Ltd.|Unknown|
|Sony Corporation|Unknown|
Thanks to Corey Kallenberg of LegbaCore for reporting this vulnerability.
This document was written by Joel Land.
|Date First Published:|2015-03-20|
|Date Last Updated:|2015-07-08 23:16 UTC|