Insyde's Security Pledge
Insyde Security Advisory 2022037
|Insyde ID||Advisory Category||Impact of Vulnerability||Severity Rating||Original Date||Last Revised|
Signed third party UEFI bootloaders are vulnerable to Secure Boot bypass
A security feature bypass vulnerability exists in signed 3rd party UEFI bootloaders that allows bypass of the UEFI Secure Boot feature. An attacker who successfully exploits this vulnerability can bypass the UEFI Secure Boot feature and execute unsigned code during the boot process.
These boot loaders are blocked from execution in InsydeH2O, versions:
kernel 5.0, unknown (End of Support)
kernel 5.1, unknown (End of Support)
kernel 5.2, version 05.27.34
kernel 5.3, version 05.36.34
kernel 5.4, version 05.44.34
kernel 5.5, version 05.52.34
This issue was reported to Microsoft by Eclypsium.