Insyde Security Advisory 2023029

Insyde ID: INSYDE-SA-2023029
Advisory Category: Software
Impact of Vulnerability:
Severity Rating: 5.9-7.4
Original Date: 05/09/2023
Last Revised: 05/09/2023

Summary:

Code change to accommodate OpenSSL 1.1.1t.

Vulnerability Details

The InsydeH2O code was changed to accommodate OpenSSL 1.1.1t and fix the following vulnerabilities.

  1. CVE-2023-0286
     CVSS: 7.4
     Description: X.400 address type confusion in X.509 GeneralName
  2. CVE-2022-4304
     CVSS: 5.9
     Description: Timing Oracle in RSA Decryption
  3. CVE-2023-0215
     CVSS: 5.9
     Description: Use-after-free following BIO_new_NDEF
  4. CVE-2022-4450
     CVSS: 5.9
     Description: Double free after calling PEM_read_bio_ex


kernel 5.0: unaffected
kernel 5.1: unaffected
kernel 5.2: unaffected
kernel 5.3: Version 05.37.07
kernel 5.4: Version 05.45.07
kernel 5.5: Version 05.53.07

Revision History:

Revision Date Description
1.0 05/09/2023 Initial Release
1.1 09/14/2023 Updated description and summary for improved clarity.
