Insyde's Security Pledge
Recent Security Advisories
INSYDE-SA-2023031
Product
CVSS Score
Original Date
Last Revised
InsydeH2O
7
2024-01-09
2024-01-09
Summary
VU#275256
Vulnerabilities in EDK2 Reference implementation of the UEFI Specification.
Vulnerability Details
CVSS Vector: Multiple
- CVE-2022-36763: Heap Buffer Overflow in Tcg2MeasureGptTable()
CVSS: 7
CVSS Vector String: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H - CVE-2022-36764: Heap Buffer Overflow in Tcg2MeasurePeImage()
CVSS: 7
CVSS Vector String: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H - CVE-2022-36765 Integer Overflow in CreateHob() could lead to HOB OOB R/W (InsydeH2O is unaffected)
CVSS: 7
CVSS Vector String: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H
Solution Information
Kernel 5.2: Version 05.28.49
Kernel 5.3: Version 05.37.49
Kernel 5.4: Version 05.45.49
Kernel 5.5: Version 05.53.50
Kernel 5.6: Version 05.60.50
Acknowledgements
Revision History
Revision #
Date
Description
1
2024-01-09
Initial Release
2024-01-09