Insyde Security Advisory 2022040

Insyde ID: INSYDE-SA-2022040
Advisory Category: Software
Impact of Vulnerability: CVSS3.1:AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Severity Rating: 7.7
Original Date: 11/04/2022
Last Revised: 11/04/2022


Stack buffer overflow vulnerability leads to arbitrary code execution.

Vulnerability Details


This issue affects the SetupUtility driver of InsydeH2O in releases supporting specific chipsets. The issue was discovered by the Binarly efiXplorer team. This issue is fixed in various InsydeH2O chipset versions.

This was fixed in the Kernel, versions

Elkhart Lake: Version
Greenlow-R(Kaby Lake): IB08621928 @ trunk
Mehlow(Coffee Lake): IB08621927 @ trunk
Whiskey Lake: IB08621928 @ trunk
Comet Lake: IB08621930 @ trunk
Tatlow: IB16990202 @ trunk
Alder Lake (server): IB19370169 @ trunk
Tiger Lake: Version
Jasper Lake: Version
Rocket Lake: Version
Alder Lake: Version
Ice Lake: Version
Kaby Lake: Version
Coffee Lake 3-in-1: Version
Whiskey Lake CP: Version
Comet Lake: Version
Rocket Lake CMP: Version

All other Intel and all AMD platforms are unaffected.


This issue was described by the Binarly efiXplorer team (

Revision History:

Revision Date Description
1.0 11/04/2022 Initial Release