Insyde's Security Pledge
Insyde Security Advisory 2022028
| Insyde ID | Advisory Category | Impact of Vulnerability | Severity Rating | Original Date | Last Revised |
| INSYDE-SA-2022028 | Software | N/A | 3.6 | 07/05/2022 | 07/05/2022 |
Summary:
Some versions of InsydeH2O use the FreeType tools to embed fonts into the BIOS. InsydeH2O does not use the FreeType API at runtime and usage during build time does not produce a vulnerability in the BIOS.
Vulnerability Details
Some versions of InsydeH2O use the FreeType tools to embed fonts into the BIOS. InsydeH2O does not use the FreeType API at runtime and usage during build time does not produce a vulnerability in the BIOS. The CVSS reflects this limited usage. The version of FreeType used in InsydeH2O was updated to 2.10.4. This was fixed in the Kernel 5.0: 05.09.13, Kernel 5.1: 05.17.13, Kernel 5.2: 05.27.13, Kernel 5.3: 05.36.13, Kernel 5.4: 05.44.13, Kernel 5.5: 05.52.13.
Refer to:
CVE-2014-9746
CVE-2014-9674
CVE-2014-9668
CVE-2014-9665
CVE-2014-9663
CVE-2014-9662
CVE-2014-9661
CVE-2014-9660
CVE-2014-9659
CVE-2014-9658
CVE-2014-9657
CVE-2014-9656
CVE-2014-9673
CVE-2014-9669
CVE-2014-9667
CVE-2014-9666
CVE-2014-9664
CVE-2014-9672
CVE-2014-9747
CVE-2014-9675
CVE-2014-9671
CVE-2014-9670
Revision History:
| Revision | Date | Description |
| 1.0 | 07/05/2022 | Initial Release |
| - | - | - |