A possible exploitation scenario arises when PnpSmm is used with the subsequent PnpSmmSMI functions. In this scenario, the initialization function can lead to SMRAM corruption. This issue was found in the handling of the PnpSmmSMI_CreateData structure.
Fixed in:
* Kernel 5.1: Version 05.17.25
* Kernel 5.2: Version 05.27.25
* Kernel 5.3: Version 05.36.25
* Kernel 5.4: Version 05.44.25
* Kernel 5.5: Version 05.52.25
https://www.insyde.com/security-pledge/SA-2022068
CVE-2019-5769 - L1 Terminal Fault
In some cases, the physical address of the CPU that has been executed can be hidden and this becomes a security issue. This issue was discovered by Insyde engineering during a security review.
Fixed in:
* Kernel 5.0: Version 05.05.22
* Kernel 5.1: Version 05.17.24
* Kernel 5.2: Version 05.27.26
* Kernel 5.3: Version 05.36.27
* Kernel 5.4: Version 05.44.28
* Kernel 5.5: Version 05.52.29
https://www.insyde.com/security-pledge/SA-2022071
CVE-2019-5770 - EIP overwrite
Insecure handling of EIP (Extended Instruction Pointer) in
Insyde's products include a SmartFusion2-based SoC for the automotive industry, which includes an onboard NFC interface. The devices also include an Intel CPU with AES-NI acceleration and support for Secure Boot.
Insyde has discovered potential security vulnerabilities:
* CVE-2019-5769 - L1 Terminal Fault
* CVE-2019-5770 - EIP overwrite
These vulnerabilities may allow unauthorized physical access to sensitive information or other harmful actions, potentially leading to software corruption, system crash, denial of service, and remote code execution. Insyde has notified its customers of this issue and provided mitigation instructions in the Security Pledge. These vulnerabilities have been addressed in the following releases:
* Kernel 5.0: Version 05.05.22
* Kernel 5.1: Version 05.17.24
* Kernel 5.2: Version 05.27.26
* Kernel 5.3: Version 05.36.27
* Kernel 5.4: Version 05.44.28
* Kernel 5.5: Version 05.52.29