Insyde's Security Pledge

Recent Security Advisories

INSYDE-SA-2023018

Product

CVSS Score

Original Date

Last Revised

InsydeH2O

5.3

2023-06-13

Summary

The CapsuleIFWUSmm driver does not check the return value which may cause memory leak.

Vulnerability Details

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

CVE-2022-46897

The CapsuleIFWUSmm driver does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

Solution Information

Intel Mobile Platforms:
RPL: Version 05.44.15.0007
ADL-N: Version 05.44.23.0007
ADL: Version 05.44.15.0043
RKL: Version 05.42.52.0024
TGL: Version 05.43.12.0056
JSL: Version 05.43.01.0025

Intel Server/Embedded Platforms
Mehlow/Mehlow-R: Truunk
Tatlow: Version 05.42.52.0024
WhiskeyLake: Trunk
CometLake-S: Trunk
TigerLake UP3/H: Trunk
AlderLake: Version 05.44.23.0047
AlderLake-N: Version 05.44.34.0001

Acknowledgements

Insyde Software would like to thank Micro Yngwei , 3rd party researcher, for reporting the vulnerability and engaging in this coordinated disclosure.

Revision History

Revision #

Date

Description

1

2023-06-13

Initial Release