Insyde's Security Pledge
Insyde Security Advisory 2021004
Insyde ID | Advisory Category | Impact of Vulnerability | Severity Rating | Original Date | Last Revised |
INSYDE-SA-2021004 | Software | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L | 4.9 | 12/14/2021 | 09/05/2023 |
Summary:
Insyde iscflashx64.sys Driver IOCTL CODE 0x22229a, User Controllable NumberOfBytes Lead to System Crash (or Potential Memory Corruption).
Vulnerability Details:
CVE-2021-33834
The driver iscflashx64.sys included in Insyde's Client H2OFFT (Flash Firmware Tool) has a potential vulnerability which might allow authorized user to leak information and it could lead to system crash
Solution Information:
Insyde Client H2OFFT version 3.00.01.00 or newer version.
Revision History:
Revision | Date | Description |
1.0 | 12/14/2021 | Initial Release |
-- | -- | -- |