Insyde Security Advisory 2023017

Insyde ID: INSYDE-SA-2023017
Advisory Category: Software
Impact of Vulnerability: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity Rating: 6.4
Original Date: 03/07/2023
Last Revised: 03/07/2023

Summary:

H2OSmmDebugPrintErrorLevelLib: Variable size is not initialized before calling GetVariable

Vulnerability Details

CVE-2022-46758

An attacker may change the size of the variable so that it is larger than the original variable size. When the variable is read without a defined size, the data returned may exceed the size of the destination buffer, which is either an allocated buffer or a fixed-size local variable. A stack buffer overflow will then occur and lead to arbitrary code execution.
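The following is an added example, not Insyde or EDK II code: it models the size contract described above with a simplified mock and puts the flawed caller beside a corrected one. All names (mock_get_variable, set_variable, struct frame, level) and the 4-byte variable size are assumptions, and the variable contents are constructed.

```c
#include <stdint.h>
#include <string.h>

/* Simplified stand-in for the GetVariable() size contract (assumption: models
 * only the DataSize/Data arguments; not Insyde or EDK II code). */
enum { OK = 0, BUFFER_TOO_SMALL = 1 };
static uint8_t g_var[16];   /* constructed variable contents */
static size_t  g_var_size;  /* stored size, which an attacker may enlarge */

void set_variable(uint8_t fill, size_t size) {
    memset(g_var, fill, sizeof g_var);
    g_var_size = size > sizeof g_var ? sizeof g_var : size;
}

int mock_get_variable(size_t *data_size, void *data) {
    size_t capacity = *data_size;
    *data_size = g_var_size;                  /* report the stored size */
    if (capacity < g_var_size) return BUFFER_TOO_SMALL;   /* copy nothing */
    memcpy(data, g_var, g_var_size);
    return OK;
}

/* Models a stack frame: a 4-byte local followed by neighbouring stack data. */
struct frame { uint32_t level; uint8_t guard[12]; };

/* Flawed pattern: the size is whatever was left on the stack (stale_size).
 * Returns how many neighbouring bytes were overwritten. */
size_t read_level_unchecked(size_t stale_size) {
    struct frame f = {0};
    size_t size = stale_size, hit = 0;   /* never set to sizeof f.level */
    mock_get_variable(&size, &f);        /* &f keeps the overrun inside f */
    for (size_t i = 0; i < sizeof f.guard; i++) hit += (f.guard[i] != 0);
    return hit;
}

/* Corrected pattern: size initialised to the buffer size; status and
 * returned length are both checked. Returns 0 on success, -1 otherwise. */
int read_level_checked(uint32_t *level) {
    uint32_t value = 0;
    size_t size = sizeof value;
    if (mock_get_variable(&size, &value) != OK || size != sizeof value)
        return -1;
    *level = value;
    return 0;
}
```

With the variable at its expected 4 bytes both callers behave the same; once it is enlarged to 16 bytes the unchecked caller overwrites all 12 neighbouring bytes while the checked caller rejects the read.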

Purley-R: Version 05.21.51.0051
Whitley: Version 05.42.23.0069
Cedar Island: Trunk
Eagle Stream: Version 05.44.53.0070
Mehlow-R: Trunk
Jacobsville(SNR): Version 05.36.26.0053
Grangeville NS / Hewitt Lake: Version 05.27.48.0026
Bakerville: Version 05.21.51.0028
Idaville: Version 05.44.52.0041
Whiskey Lake: Trunk
Alder Lake N: Version 05.44.50.0002
Rome: Trunk
Milan: Trunk
Genoa: Version 05.52.53.0012
Embedded Rome: Trunk
Embedded Milan: Trunk
Hygon #1/#2: Version 05.36.48.0018
Hygon #3: Version 05.45.02.0009

Revision History:

Revision Date Description
1.0 03/07/2023 Initial Release