Insyde's Security Pledge

Recent Security Advisories

INSYDE-SA-2022028

Product

CVSS Score

Original Date

Last Revised

InsydeH2O

3.6

2022-07-05

Summary

Some versions of InsydeH2O use the FreeType tools to embed fonts into the BIOS. InsydeH2O does not use the FreeType API at runtime and usage during build time does not produce a vulnerability in the BIOS.

Vulnerability Details

CVSS Vector: N/A

Some versions of InsydeH2O use the FreeType tools to embed fonts into the BIOS. InsydeH2O does not use the FreeType API at runtime and usage during build time does not produce a vulnerability in the BIOS. The CVSS reflects this limited usage. The version of FreeType used in InsydeH2O was updated to 2.10.4.

CVE-2014-9746
CVE-2014-9674
CVE-2014-9668
CVE-2014-9665
CVE-2014-9663
CVE-2014-9662
CVE-2014-9661
CVE-2014-9660
CVE-2014-9659
CVE-2014-9658
CVE-2014-9657
CVE-2014-9656
CVE-2014-9673
CVE-2014-9669
CVE-2014-9667
CVE-2014-9666
CVE-2014-9664
CVE-2014-9672
CVE-2014-9747
CVE-2014-9675
CVE-2014-9671
CVE-2014-9670

Solution Information

This was fixed in the Kernel 5.0: 05.09.13, Kernel 5.1: 05.17.13, Kernel 5.2: 05.27.13, Kernel 5.3: 05.36.13, Kernel 5.4: 05.44.13, Kernel 5.5: 05.52.13.

Acknowledgements

Revision History

Revision #

Date

Description

1

2022-07-05

Initial Release