American Megatrends Incorporated (AMI) Not Affected

Notified:  December 10, 2014 Updated: April 10, 2015

Statement Date:   April 09, 2015

Status

Not Affected

Vendor Statement

AMI is working with OEMs to ensure that derivative projects in the field and production are also not affected by this vulnerability. End users should contact their board manufacturer for further information about availability of BIOS updates for their products.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Apple Unknown

Notified:  December 10, 2014 Updated: December 10, 2014

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor References

    AsusTek Computer Inc. Unknown

    Notified:  December 10, 2014 Updated: December 10, 2014

    Status

    Unknown

    Vendor Statement

    No statement is currently available from the vendor regarding this vulnerability.

    Vendor References

      Dell Computer Corporation, Inc. Affected

      Notified:  December 10, 2014 Updated: March 19, 2015

      Status

      Affected

      Vendor Statement

      No statement is currently available from the vendor regarding this vulnerability.

      Vendor Information

      We are not aware of further vendor information regarding this vulnerability.

      Vendor References

      Addendum

      Dell Latitude E6430 BIOS Revision A09 and possibly others are affected.

      Gateway Unknown

      Notified:  December 10, 2014 Updated: December 10, 2014

      Status

      Unknown

      Vendor Statement

      No statement is currently available from the vendor regarding this vulnerability.

      Vendor References

        Hewlett-Packard Company Affected

        Notified:  December 10, 2014 Updated: March 19, 2015

        Status

        Affected

        Vendor Statement

        No statement is currently available from the vendor regarding this vulnerability.

        Vendor Information

        We are not aware of further vendor information regarding this vulnerability.

        Vendor References

        Addendum

        HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09 and possibly others are affected.

        IBM Corporation Not Affected

        Notified:  December 10, 2014 Updated: January 08, 2015

        Statement Date:   January 07, 2015

        Status

        Not Affected

        Vendor Statement

        No statement is currently available from the vendor regarding this vulnerability.

        Vendor Information

        We are not aware of further vendor information regarding this vulnerability.

        Insyde Software Corporation Not Affected

        Notified:  December 10, 2014 Updated: February 02, 2015

        Statement Date:   February 02, 2015

        Status

        Not Affected

        Vendor Statement

        Insyde has reviewed the Insyde BIOS code and believes all Insyde systems are not vulnerable to this issue. However to be prudent, Insyde has hardened all of the interfaces in InsydeH2O SMM handlers. The updates were available in Tags 03.74.26 and 05.04.25 which was the 2014 work week 25 and 26 release. The internal tracking number was IB02960648. OEM and ODM customers are advised to contact their Insyde support representative fordocumentation and assistance. End users are advised to contact the manufacturer of their equipment.

        Vendor Information

        We are not aware of further vendor information regarding this vulnerability.

        Intel Corporation Not Affected

        Notified:  December 10, 2014 Updated: March 02, 2015

        Statement Date:   March 02, 2015

        Status

        Not Affected

        Vendor Statement

        This class of vulnerabilities redirects SMM code to execute instructions outside SMRAM, and we often refer to them as "SMM Call-Out Vulnerabilities". Intel is not currently aware of SMM call-out vulnerabilities in our supported products. In addition, the following mitigation may be relevant to the discussion of these vulnerabilities. Starting in Haswell-based client and server platforms, the "SMM Code Access Check" feature is available in the CPU. If SMM code enables this in the appropriate MSR, then logical processors are prevented from executing SMM code outside the ranges defined by the SMRR. If SMI code jumps outside these ranges, the CPU will assert a machine check exception. During BIOS development, this can be an effective mechanism for BIOS developers to identify insecure call-outs from SMM, and during runtime, this feature can also be effective at blocking certain attacks that redirect SMM execution outside SMRAM.

        Vendor Information

        We are not aware of further vendor information regarding this vulnerability.

        Lenovo Affected

        Notified:  December 10, 2014 Updated: October 15, 2015

        Statement Date:   October 14, 2015

        Status

        Affected

        Vendor Statement

        No statement is currently available from the vendor regarding this vulnerability.

        Vendor Information

        We are not aware of further vendor information regarding this vulnerability.

        Vendor References

        Phoenix Technologies Ltd. Unknown

        Notified:  December 10, 2014 Updated: December 10, 2014

        Status

        Unknown

        Vendor Statement

        No statement is currently available from the vendor regarding this vulnerability.

        Vendor References

          Sony Corporation Unknown

          Notified:  December 10, 2014 Updated: December 10, 2014

          Status

          Unknown

          Vendor Statement

          No statement is currently available from the vendor regarding this vulnerability.

          Vendor References

            Toshiba Unknown

            Notified:  December 10, 2014 Updated: December 10, 2014

            Status

            Unknown

            Vendor Statement

            No statement is currently available from the vendor regarding this vulnerability.

            Vendor References

              View all 13 vendors View less vendors