Tagged: intel

VU#577140: BIOS implementations fail to properly set UEFI write protections after waking from sleep mode 0

VU#577140: BIOS implementations fail to properly set UEFI write protections after waking from sleep mode

Vulnerability Note VU#577140 BIOS implementations fail to properly set UEFI write protections after waking from sleep mode Original Release date: 30 Jul 2015 | Last revised: 30 Jul 2015 Overview Multiple BIOS implementations fail to properly set write protections after waking from sleep, leading to the possibility of an arbitrary BIOS image reflash. Description According to Cornwell, Butterworth, Kovah, and Kallenberg, who reported the issue affecting certain Dell client systems (CVE-2015-2890): There are a number of chipset mechanisms on Intel x86-based computers that provide protection of the BIOS from arbitrary reflash with attacker-controlled data. One of these is the BIOSLE and BIOSWE pair of bits found in the BIOS_CNTL register in the chipset.

VU#631788: Multiple BIOS implementations permit unsafe SMM function calls to memory locations outside of SMRAM 0

VU#631788: Multiple BIOS implementations permit unsafe SMM function calls to memory locations outside of SMRAM

Vulnerability Note VU#631788 Multiple BIOS implementations permit unsafe SMM function calls to memory locations outside of SMRAM Original Release date: 20 Mar 2015 | Last revised: 20 Mar 2015 Overview Multiple BIOS implementations permit unsafe System Management Mode (SMM) function calls to memory locations outside of SMRAM. Description Multiple BIOS implementations permit unsafe System Management Mode (SMM) function calls to memory locations outside of SMRAM