Notified: December 10, 2014 Updated: April 10, 2015
Statement Date: April 09, 2015
Not Affected
AMI is working with OEMs to ensure that derivative projects in the field and production are also not affected by this vulnerability. End users should contact their board manufacturer for further information about availability of BIOS updates for their products.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 10, 2014 Updated: December 10, 2014
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: December 10, 2014 Updated: December 10, 2014
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: December 10, 2014 Updated: March 19, 2015
Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Dell Latitude E6430 BIOS Revision A09 and possibly others are affected.
Notified: December 10, 2014 Updated: December 10, 2014
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: December 10, 2014 Updated: March 19, 2015
Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09 and possibly others are affected.
Notified: December 10, 2014 Updated: January 08, 2015
Statement Date: January 07, 2015
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 10, 2014 Updated: February 02, 2015
Statement Date: February 02, 2015
Not Affected
Insyde has reviewed the Insyde BIOS code and believes all Insyde systems are not vulnerable to this issue. However to be prudent, Insyde has hardened all of the interfaces in InsydeH2O SMM handlers. The updates were available in Tags 03.74.26 and 05.04.25 which was the 2014 work week 25 and 26 release. The internal tracking number was IB02960648. OEM and ODM customers are advised to contact their Insyde support representative fordocumentation and assistance. End users are advised to contact the manufacturer of their equipment.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 10, 2014 Updated: March 02, 2015
Statement Date: March 02, 2015
Not Affected
This class of vulnerabilities redirects SMM code to execute instructions outside SMRAM, and we often refer to them as "SMM Call-Out Vulnerabilities". Intel is not currently aware of SMM call-out vulnerabilities in our supported products. In addition, the following mitigation may be relevant to the discussion of these vulnerabilities. Starting in Haswell-based client and server platforms, the "SMM Code Access Check" feature is available in the CPU. If SMM code enables this in the appropriate MSR, then logical processors are prevented from executing SMM code outside the ranges defined by the SMRR. If SMI code jumps outside these ranges, the CPU will assert a machine check exception. During BIOS development, this can be an effective mechanism for BIOS developers to identify insecure call-outs from SMM, and during runtime, this feature can also be effective at blocking certain attacks that redirect SMM execution outside SMRAM.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 10, 2014 Updated: October 15, 2015
Statement Date: October 14, 2015
Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 10, 2014 Updated: December 10, 2014
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: December 10, 2014 Updated: December 10, 2014
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: December 10, 2014 Updated: December 10, 2014
Unknown
No statement is currently available from the vendor regarding this vulnerability.