Insyde's Security Pledge

Our Pledge

We support you, our customers and partners, in closing the door to anything which compromises the security or privacy in your platforms.

Since our inception 20 years ago, security has been essential. Hundreds of OEM and ODM partners have trusted us with enabling the platforms that form the foundation of their products, knowing we share their commitment to make them secure. Product security is a top priority, and one that we continually improve upon.

  • We sit on the security review team of the industry’s leading firmware standards body, the UEFI Security Response Team.
  • We have internal product security experts that drive our Security Development Lifecycle (SDL) process within our BIOS and BMC firmware teams and evaluate existing and emerging threats.
  • We issue regular and timely security alert bulletins when mitigations to vulnerabilities are discovered.
  • We work closely with all of our silicon vendor partners to ensure the timely and critical delivery of microcode updates and other patches.

At Insyde, we work with the broader industry to identify, report, mitigate and disclose security vulnerabilities. We support you, our customers and partners, in closing the door to anything which compromises the security or privacy in your platforms. We take this role seriously, because if your firmware is not secure, your product is not secure.

This is our pledge to you. If you have any questions about Insyde Software’s commitment to security, I urge you to reach out to us at security.report@insyde.com.

If you have an Insyde security issue to report, please click on the link below.

Report an Issue

Security Advisories

BIOS

| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2024007 | IhisiServiceSmm: A vulnerability in the module could allow an attacker to modify UEFI variables. | 5.3 |
| INSYDE-SA-2024006 | [EDK2] FirmwarePerformancePei: Potential UINT32 overflow and subsequent divide by 0. | 5.3 |
| INSYDE-SA-2024001 | SMM memory corruption vulnerability could lead to escalating privileges in SMM. (CWE-822) | 7.4 |
| INSYDE-SA-2023067 | PnpSmm: Possible out of bounds in SMM communication buffer, leading to tampering. | 4.7 |
| INSYDE-SA-2023040 | IhisiServiceSmm: A vulnerability in the module that could allow an attacker to modify UEFI variables. | 6.1 |

BMC

| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2024011 | Upgrade curl to v8.10.1. | See in Description |
| INSYDE-SA-2024010 | Upgrade BIND to v9.18.28. | See in Description |
| INSYDE-SA-2024009 | Upgrade OpenSSL to 3.2.1. | Low |
| INSYDE-SA-2024005 | Upgrade iperf3 to 3.17 | N/A |
| INSYDE-SA-2024004 | Upgrade libcurl to 8.7.1 | N/A |