Insyde's Security Pledge
Recent Security Advisories
INSYDE-SA-2022028
Product
CVSS Score
Original Date
Last Revised
InsydeH2O
3.6
2022-07-05
Summary
Some versions of InsydeH2O use the FreeType tools to embed fonts into the BIOS. InsydeH2O does not use the FreeType API at runtime and usage during build time does not produce a vulnerability in the BIOS.
Vulnerability Details
CVSS Vector: N/A
Some versions of InsydeH2O use the FreeType tools to embed fonts into the BIOS. InsydeH2O does not use the FreeType API at runtime and usage during build time does not produce a vulnerability in the BIOS. The CVSS reflects this limited usage. The version of FreeType used in InsydeH2O was updated to 2.10.4.
CVE-2014-9746
CVE-2014-9674
CVE-2014-9668
CVE-2014-9665
CVE-2014-9663
CVE-2014-9662
CVE-2014-9661
CVE-2014-9660
CVE-2014-9659
CVE-2014-9658
CVE-2014-9657
CVE-2014-9656
CVE-2014-9673
CVE-2014-9669
CVE-2014-9667
CVE-2014-9666
CVE-2014-9664
CVE-2014-9672
CVE-2014-9747
CVE-2014-9675
CVE-2014-9671
CVE-2014-9670
Solution Information
This was fixed in the Kernel 5.0: 05.09.13, Kernel 5.1: 05.17.13, Kernel 5.2: 05.27.13, Kernel 5.3: 05.36.13, Kernel 5.4: 05.44.13, Kernel 5.5: 05.52.13.
Acknowledgements
Revision History
Revision #
Date
Description
1
2022-07-05
Initial Release