Insyde's Security Pledge
Insyde Security Advisory 2022034
| Insyde ID | Advisory Category | Impact of Vulnerability | Severity Rating | Original Date | Last Revised |
| INSYDE-SA-2022034 | Software | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N | 6.0 | 09/21/2022 | 09/21/2022 |
Summary:
SMM memory leak vulnerability in SMM driver (SMRAM read) in InsydeH2O.
Vulnerability Details
This affects the FvbServicesRuntimeDxe driver of InsydeH2O. This issue was discovered by the Binarly efiXplorer team. This issue is fixed in InsydeH2O, versions:
Kernel 5.0 (issue IB02961492 in version 05.09.37)
Kernel 5.1 (issue IB02961492 in version 05.17.37)
Kernel 5.2 (issue IB02961492 in version 05.27.29)
Kernel 5.3 (issue IB02961492 in version 05.36.29)
Kernel 5.4 (issue IB02961492 in version 05.44.29)
Kernel 5.5 (issue IB02961492 in version 05.52.29)
Acknowledgements
Insyde Software would like to thank Binarly for reporting this issue.
Revision History:
| Revision | Date | Description |
| 1.0 | 09/21/2022 | Initial Release |
| - | - | - |