Insyde's Security Pledge

Recent Security Advisories

INSYDE-SA-2022040

Product

CVSS Score

Original Date

Last Revised

InsydeH2O

7.7

2022-11-04

Summary

Stack buffer overflow vulnerability leads to arbitrary code execution.

Vulnerability Details

CVSS Vector: CVSS3.1:AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

CVE-2022-35407

This issue affects the SetupUtility driver of InsydeH2O in releases supporting specific chipsets. The issue was discovered by the Binarly efiXplorer team. This issue is fixed in various InsydeH2O chipset versions.

Solution Information

Acknowledgements

Revision History

Revision #

Date

Description

1

2022-11-04

Initial Release