Insyde Software Corporation Information for VU#976132
UEFI implementations do not properly secure the EFI S3 Resume Boot Path boot script
- Vendor Information Help Date Notified:
- Statement Date:
- Date Updated: 03 Feb 2015
"Insyde has reviewed the Insyde BIOS code and did find some vulnerabilities to some of the items in this report. Insyde used the Native EDK II Lock Box Mechanism for saving the Boot Script in our Insyde H2O 5 codebase thus providing adequate protection. By late 2014 Insyde created a protection mechanism for our Insyde H2O 3.7 codebase to protect the Boot Script. By late 2014 Insyde had protected the AcpiGlobalVariable for both codebases.
The Variable updates were available in Tags 03.74.42 and 05.04.42 which was the 2014 work week 42 release. The internal tracking number was IB02960681.
The Insyde H2O 3.7 Boot Script protection mechanism was made available in various chipset Tags.
OEM and ODM customers are advised to contact their Insyde support representative for documentation and assistance.
End users are advised to contact the manufacturer of their equipment."
We are not aware of further vendor information regarding this vulnerability.
There are no additional comments at this time.