Insyde Security Advisory 2021004

Insyde ID Advisory Category Impact of Vulnerability Severity Rating Original Date Last Revised
INSYDE-SA-2021004 Software CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L 4.9 12/14/2021 09/05/2023

Summary:

Insyde iscflashx64.sys Driver IOCTL CODE 0x22229a, User Controllable NumberOfBytes Lead to System Crash (or Potential Memory Corruption).

Vulnerability Details:

CVE-2021-33834
The driver iscflashx64.sys included in Insyde's Client H2OFFT (Flash Firmware Tool) has a potential vulnerability which might allow authorized user to leak information and it could lead to system crash

Solution Information:
Insyde Client H2OFFT version 3.00.01.00 or newer version.

Revision History:

Revision Date Description
1.0 12/14/2021 Initial Release
-- -- --

Return to Insyde's Security Pledge