Insyde Security Advisory 2022040
Insyde ID | Advisory Category | Impact of Vulnerability | Severity Rating | Original Date | Last Revised |
INSYDE-SA-2022040 | Software | CVSS3.1:AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H | 7.7 | 11/04/2022 | 11/04/2022 |
Summary:
Stack buffer overflow vulnerability leads to arbitrary code execution.
Vulnerability Details
This issue affects the SetupUtility driver of InsydeH2O in releases supporting specific chipsets. The issue was discovered by the Binarly efiXplorer team. This issue is fixed in various InsydeH2O chipset versions.
This was fixed in the following Kernel versions:
Elkhart Lake: Version 05.44.30.0019
Greenlow-R (Kaby Lake): IB08621928 @ trunk
Mehlow (Coffee Lake): IB08621927 @ trunk
Whiskey Lake: IB08621928 @ trunk
Comet Lake: IB08621930 @ trunk
Tatlow: IB16990202 @ trunk
Alder Lake (server): IB19370169 @ trunk
Tiger Lake: Version 05.43.12.0053
Jasper Lake: Version 05.43.01.0024
Rocket Lake: Version 05.42.52.0024
Alder Lake: Version 05.44.31.0051
Ice Lake: Version 05.33.15.0051
Kaby Lake: Version 05.12.09.0081
Coffee Lake 3-in-1: Version 05.23.04.0050
Whiskey Lake CP: Version 05.23.45.0028
Comet Lake: Version 05.34.19.0044
Rocket Lake CMP: Version 05.34.51.0023
All other Intel and all AMD platforms are unaffected.
Acknowledgements
This issue was described by the Binarly efiXplorer team (https://www.binarly.io/advisories/BRLY-2022-020).
Revision History:
Revision | Date | Description |
1.0 | 11/04/2022 | Initial Release |