Insyde's Security Pledge
Insyde Security Advisory 2022038
Insyde ID | Advisory Category | Impact of Vulnerability | Severity Rating | Original Date | Last Revised |
INSYDE-SA-2022038 | Software | CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L | 3.6 | 09/30/2022 | 09/30/2022 |
Summary:
Some versions of InsydeH2O use the FreeType tools to embed fonts into the BIOS. InsydeH2O does not use the FreeType API at runtime and usage during build time does not produce a vulnerability in the BIOS.
Vulnerability Details
Some versions of InsydeH2O use the FreeType tools to embed fonts into the BIOS. InsydeH2O does not use the FreeType API at runtime and usage during build time does not produce a vulnerability in the BIOS. The CVSS reflects this limited usage. The version of FreeType used in InsydeH2O was updated to 2.10.4.
This was fixed in the Kernel, versions
kernel 5.0, unknown (End of Support)
kernel 5.1, version 05.17.33
kernel 5.2, version 05.27.33
kernel 5.3, version 05.36.34
kernel 5.4, version 05.44.34
kernel 5.5, version 05.52.33
Acknowledgements
This issue was discovered by the Insyde engineering team based on FreeType reports (https://sourceforge.net/projects/freetype/files/freetype2/2.10.4/)
Revision History:
Revision | Date | Description |
1.0 | 09/30/2022 | Initial Release |
- | - | - |