Vulnerability identifier: #VU81907
Vulnerability risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-254
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Insyde Kernel
Operating systems & Components / Operating system
Vendor: Insyde Software
Description
The vulnerability allows an attacker to bypass implemented security restrictions.
The vulnerability exists in the TrEEConfigDriver driver, which can report false TPM PCR values. An attacker with physical access to the device can write arbitrary values into Platform Configuration Register (PCR) banks and mask malicious activity on the device.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Insyde Kernel: before 5.3
External links
https://www.insyde.com/security-pledge/SA-2023045
Can this vulnerability be exploited remotely?
No. The attacker must have physical access to the system to successfully exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.