Insyde Security Advisory 2023018

Insyde ID Advisory Category Impact of Vulnerability Severity Rating Original Date Last Revised
INSYDE-SA-2023034 Software CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 5.3 06/13/2023 06/13/2023

Summary:

The CapsuleIFWUSmm driver does not check the return value which may cause memory leak.

Vulnerability Details

CVE-2022-46897

The CapsuleIFWUSmm driver does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

Intel Mobile Platforms:

RPL: Version 05.44.15.0007
ADL-N: Version 05.44.23.0007
ADL: Version 05.44.15.0043
RKL: Version 05.42.52.0024
TGL: Version 05.43.12.0056
JSL: Version 05.43.01.0025

Intel Server/Embedded Platforms

Mehlow/Mehlow-R: Truunk
Tatlow: Version 05.42.52.0024
WhiskeyLake: Trunk
CometLake-S: Trunk
TigerLake UP3/H: Trunk
AlderLake: Version 05.44.23.0047
AlderLake-N: Version 05.44.34.0001

Acknowledgements

Insyde Software would like to thank Micro Yngwei , 3rd party researcher, for reporting the vulnerability and engaging in this coordinated disclosure.

Revision History:

Revision Date Description
1.0 06/13/2023 Initial Release
-- -- --

Return to Insyde's Security Pledge