Multiple BIOS implementations permit unsafe System Management Mode (SMM) function calls to memory locations outside of SMRAM.
Multiple BIOS implementations permit unsafe System Management Mode (SMM) function calls to memory locations outside of SMRAM. According to Corey Kallenberg of LegbaCore:
System Management Mode (SMM) is the most privileged execution mode on the x86 processor. Non-SMM code can neither read nor write SMRAM (SMM RAM). Hence, even a ring 0 level attacker should be unable to gain access to SMM.
A local, authenticated attacker may be able to execute arbitrary code in the context of SMM and bypass Secure Boot. In systems that do not use protected range registers, an attacker may be able to reflash firmware.
Please see the Vendor Information section below to determine if your system may be affected. We are continuing to communicate with vendors as they investigate these vulnerabilities.
Thanks to Corey Kallenberg of LegbaCore for reporting this vulnerability.
This document was written by Joel Land.
|Date First Published:||2015-03-20|
|Date Last Updated:||2015-07-08 23:16 UTC|