Insyde Security Advisory 2022039
Insyde ID | Advisory Category | Impact of Vulnerability | Severity Rating | Original Date | Last Revised |
INSYDE-SA-2022039 | Software | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H | 7.7 | 11/04/2022 | 11/04/2022 |
Summary:
Stack buffer overflow vulnerability leads to arbitrary code execution.
Vulnerability Details
This issue affects the MebxConfiguration driver of InsydeH2O in releases supporting specific chipsets. The issue was discovered by the Binarly efiXplorer team. It is fixed in the following InsydeH2O Kernel versions, depending on the chipset:
Ice Lake: Version 05.33.15.0052
Tiger Lake: Version 05.43.12.0054
Alder Lake: Version 05.44.23.0050
Snow Ridge: Version 05.36.26.0053
Denverton: Version 05.10.12.0043
NEX Alder Lake: IB16560316 @ Trunk
All other Intel and all AMD platforms are unaffected.
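A fleet triage check built from the fixed versions listed above, as an added example that is not Insyde's or Binarly's code. The inventory rows, the function names, and the rule that versions compare field by field within one platform are assumptions of this example; how the kernel version is read from each machine is not covered.

```python
import re

# Fixed InsydeH2O Kernel versions, copied from the advisory.
FIXED = {
    "icelake": "05.33.15.0052",
    "tigerlake": "05.43.12.0054",
    "alderlake": "05.44.23.0050",
    "snowridge": "05.36.26.0053",
    "denverton": "05.10.12.0043",
}
# The advisory gives a change ID (IB16560316 @ Trunk), not a version, here.
CHANGE_ID_ONLY = {"nexalderlake"}

def norm(platform):
    """Fold case and drop separators so 'Ice-Lake' and 'ice lake' match."""
    return re.sub(r"[\s_-]+", "", platform).casefold()

def parse_version(text):
    """Turn 'NN.NN.NN.NNNN' into a tuple of ints, or raise ValueError."""
    if not re.fullmatch(r"[0-9]+(?:\.[0-9]+){3}", text.strip()):
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(int(p) for p in text.strip().split("."))

def triage(platform, version):
    """Classify one machine: fixed, vulnerable, unaffected or review."""
    key = norm(platform)
    if key in CHANGE_ID_ONLY:
        return "review"  # no version to compare; confirm with the vendor
    if key not in FIXED:
        return "unaffected"  # advisory: all other Intel and all AMD platforms
    try:
        installed = parse_version(version)
    except ValueError:
        return "review"  # malformed inventory value: do not guess
    # Assumption: versions order field by field within one platform.
    return "fixed" if installed >= parse_version(FIXED[key]) else "vulnerable"

# Constructed inventory rows: (host, platform, kernel version).
INVENTORY = [
    ("host-a", "Ice Lake", "05.33.15.0052"),
    ("host-b", "Tiger Lake", "05.43.12.0049"),
    ("host-c", "NEX Alder Lake", "unknown"),
    ("host-d", "Alder Lake", "5.44"),
    ("host-e", "AMD platform", "05.40.01.0001"),
]

def report(inventory=INVENTORY):
    return {host: triage(plat, ver) for host, plat, ver in inventory}
```

A platform name that the inventory spells differently from the advisory falls through to `unaffected`, so check the platform labels before trusting that bucket.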
Acknowledgements
This issue was described by the Binarly efiXplorer team (https://www.binarly.io/advisories/BRLY-2022-019).
Revision History:
Revision | Date | Description |
1.0 | 11/04/2022 | Initial Release |