Notified: September 12, 2014 Updated: December 08, 2014
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 12, 2014 Updated: December 16, 2014
Not Affected
For the issue reported, it does not affect Apple products.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 12, 2014 Updated: September 12, 2014
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: September 12, 2014 Updated: January 21, 2015
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 12, 2014 Updated: September 12, 2014
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: September 12, 2014 Updated: September 12, 2014
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: September 12, 2014 Updated: December 16, 2014
Not Affected
Internally, we have assigned PSIRT Advisory 2173 to VU#533140. Our development team analyzed the potential vulnerability, and the results of their analysis were that IBM is not exposed to this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 12, 2014 Updated: February 03, 2015
Affected
Insyde has reviewed the Insyde BIOS code and believes the variable store is protected by flash write protections. However Insyde did also fix this coding error in late 2012. These updates were in Tags 03.72.49 and 05.02.49 which was the 2012 work week 49 release. The internal tracking number was IB02960648. In 2014 Intel added some additional suggestions to protect the variable store. Insyde has reviewed the suggestions and in late 2014 implemented the additional suggestions. These later updates were available in Tags 03.74.45 and 05.04.45. The internal tracking number was IB02960684. OEM and ODM customers are advised to contact their Insyde support representative for documentation and assistance. End users are advised to contact the manufacturer of their equipment.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 12, 2014 Updated: December 19, 2014
Not Affected
The originally reported issue in FSVariable.c only affects functionality where variable storage is emulated by an OS file system; it is not intended for production use. However, the same logic is used in other locations that are used in production. Intel introduced changes in the EDK2 implementation (SVN 16280) and independently notified OEMs and BIOS vendors about this issue. Note that this issue would not normally be exposed; a separate vulnerability must allow modification of the non-volatile storage usually located on SPI flash, allowing the attacker to introduce valid variable headers after the end of the variable storage area. At this time, Intel is not aware of any Intel-branded products that are affected by this issue.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 12, 2014 Updated: January 21, 2015
Not Affected
http://support.lenovo.com/us/en/product_security/uefi_variable_reclaim
We are not aware of further vendor information regarding this vulnerability.
Notified: September 12, 2014 Updated: December 19, 2014
Not Affected
We investigated this item and found none of our current or previously shipped products to be vulnerable.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 12, 2014 Updated: September 12, 2014
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: September 12, 2014 Updated: September 12, 2014
Unknown
No statement is currently available from the vendor regarding this vulnerability.