Insyde's Security Pledge

Recent Security Advisories

INSYDE-SA-2022031

Product

CVSS Score

Original Date

Last Revised

InsydeH2O

7.5

2022-09-21

Summary

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Vulnerability Details

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2022-35408

This affects the UsbLegacyControlSmm driver of InsydeH2O. This issue was discovered by the Binarly efiXplorer team. This issue is fixed in InsydeH2O, versions:

Solution Information

Kernel 5.0 (issue IB02040690 in version 05.09.38)
Kernel 5.1 (issue IB02040690 in version 05.17.38)
Kernel 5.2 (issue IB02040690 in version 05.27.28)
Kernel 5.3 (issue IB02040690 in version 05.36.28)
Kernel 5.4 (issue IB02040690 in version 05.44.28)
Kernel 5.5 (issue IB02040690 in version 05.52.28)

Acknowledgements

Insyde Software would like to thank Binarly for reporting this issue.

Revision History

Revision #

Date

Description

1

2022-09-21

Initial Release