Insyde's Security Pledge
Recent Security Advisories
INSYDE-SA-2023018
Product
CVSS Score
Original Date
Last Revised
InsydeH2O
5.3
2023-06-13
Summary
The CapsuleIFWUSmm driver does not check the return value which may cause memory leak.
Vulnerability Details
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
The CapsuleIFWUSmm driver does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.
Solution Information
Intel Mobile Platforms:
RPL: Version 05.44.15.0007
ADL-N: Version 05.44.23.0007
ADL: Version 05.44.15.0043
RKL: Version 05.42.52.0024
TGL: Version 05.43.12.0056
JSL: Version 05.43.01.0025
Intel Server/Embedded Platforms
Mehlow/Mehlow-R: Truunk
Tatlow: Version 05.42.52.0024
WhiskeyLake: Trunk
CometLake-S: Trunk
TigerLake UP3/H: Trunk
AlderLake: Version 05.44.23.0047
AlderLake-N: Version 05.44.34.0001
Acknowledgements
Insyde Software would like to thank Micro Yngwei , 3rd party researcher, for reporting the vulnerability and engaging in this coordinated disclosure.
Revision History
Revision #
Date
Description
1
2023-06-13
Initial Release