Insyde Security Advisory 2023018

Insyde ID Advisory Category Impact of Vulnerability Severity Rating Original Date Last Revised
INSYDE-SA-2023034 Software CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 5.3 06/13/2023 06/13/2023


The CapsuleIFWUSmm driver does not check the return value which may cause memory leak.

Vulnerability Details


The CapsuleIFWUSmm driver does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

Intel Mobile Platforms:

RPL: Version
ADL-N: Version
ADL: Version
RKL: Version
TGL: Version
JSL: Version

Intel Server/Embedded Platforms

Mehlow/Mehlow-R: Truunk
Tatlow: Version
WhiskeyLake: Trunk
CometLake-S: Trunk
TigerLake UP3/H: Trunk
AlderLake: Version
AlderLake-N: Version


Insyde Software would like to thank Micro Yngwei , 3rd party researcher, for reporting the vulnerability and engaging in this coordinated disclosure.

Revision History:

Revision Date Description
1.0 06/13/2023 Initial Release
-- -- --

Return to Insyde's Security Pledge