INSYDE-SA-2023017
Product: InsydeH2O
CVSS Score: 6.4
Original Date: 2023-03-07
Last Revised:
Summary
H2OSmmDebugPrintErrorLevelLib: Variable size is not initialized before calling GetVariable.
Vulnerability Details
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
An attacker may change the size of the variable so that it is larger than the original variable size. When the variable is then read without a definite size being set, the size of the variable data returned may exceed the size of the buffer, whether that buffer was allocated or is a fixed-size local variable. A stack buffer overflow will then occur and lead to arbitrary code execution.
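The flawed call pattern described above next to the corrected one, as an added example that is not Insyde's code. `mock_get_variable` is a constructed stand-in that follows the in/out size contract of the UEFI GetVariable service; every name and size here is an assumption, and `stale_size` models the uninitialized size left on the stack.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define OK 0
#define BUFFER_TOO_SMALL 1   /* stands in for EFI_BUFFER_TOO_SMALL */
#define LOCAL_SIZE 4         /* size of the fixed-size local (assumed) */
#define FRAME_SIZE 64        /* local plus modeled adjacent stack (assumed) */

/* Constructed variable store: one variable whose stored size can be changed. */
static uint8_t g_var[FRAME_SIZE];
static size_t  g_var_size = LOCAL_SIZE;

/* Helper: models the stored variable being made larger than its original size. */
void set_variable_size(size_t n) {
    g_var_size = n > sizeof g_var ? sizeof g_var : n;
    memset(g_var, 0x41, g_var_size);
}

/* On entry *size is the caller's buffer capacity; on return it is the
 * variable's actual size. Data is copied only if the capacity is sufficient. */
static int mock_get_variable(size_t *size, void *data) {
    if (*size < g_var_size) { *size = g_var_size; return BUFFER_TOO_SMALL; }
    memcpy(data, g_var, g_var_size);
    *size = g_var_size;
    return OK;
}

/* Flawed: size is never set to LOCAL_SIZE. frame[0..3] models the local and
 * frame[4..] the stack behind it. Returns bytes written past the local. */
size_t read_level_flawed(uint8_t frame[FRAME_SIZE], size_t stale_size) {
    size_t size = stale_size;
    if (mock_get_variable(&size, frame) != OK || size <= LOCAL_SIZE) return 0;
    return size - LOCAL_SIZE;
}

/* Corrected: size starts at the buffer capacity, and any size other than the
 * expected one (including BUFFER_TOO_SMALL) is rejected. */
int read_level_fixed(uint8_t frame[FRAME_SIZE], uint32_t *level) {
    size_t size = LOCAL_SIZE;
    if (mock_get_variable(&size, frame) != OK || size != LOCAL_SIZE) return -1;
    memcpy(level, frame, LOCAL_SIZE);
    return 0;
}

int main(void) {
    uint8_t frame[FRAME_SIZE] = {0}; uint32_t level = 0;
    set_variable_size(32);
    return (read_level_flawed(frame, 48) == 28 && read_level_fixed(frame, &level) == -1) ? 0 : 1;
}
```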
Solution Information
Purley-R: Version 05.21.51.0051
Whitley: Version 05.42.23.0069
Cedar Island: Trunk
Eagle Stream: Version 05.44.53.0070
Mehlow-R: Trunk
Jacobsville(SNR): Version 05.36.26.0053
Grangeville NS / Hewitt Lake: Version 05.27.48.0026
Bakerville: Version 05.21.51.0028
Idaville: Version 05.44.52.0041
Whiskey Lake: Trunk
Alder Lake N: Version 05.44.50.0002
Rome: Trunk
Milan: Trunk
Genoa: Version 05.52.53.0012
Embedded Rome: Trunk
Embedded Milan: Trunk
Hygon #1/#2: Version 05.36.48.0018
Hygon #3: Version 05.45.02.0009
Acknowledgements
Revision History
Revision #: 1
Date: 2023-03-07
Description: Initial Release