INSYDE-SA-2023031

Product: InsydeH2O
CVSS Score: 7
Original Date: 2024-01-09
Last Revised: 2024-01-09

Summary

VU#275256
Vulnerabilities in the EDK2 reference implementation of the UEFI Specification.

Vulnerability Details

CVSS Vector: Multiple

  1. CVE-2022-36763: Heap Buffer Overflow in Tcg2MeasureGptTable()
    CVSS: 7
    CVSS Vector String: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H
  2. CVE-2022-36764: Heap Buffer Overflow in Tcg2MeasurePeImage()
    CVSS: 7
    CVSS Vector String: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H
  3. CVE-2022-36765: Integer Overflow in CreateHob() could lead to HOB OOB R/W (InsydeH2O is unaffected)
    CVSS: 7
    CVSS Vector String: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

Solution Information

Kernel 5.2: Version 05.28.49
Kernel 5.3: Version 05.37.49
Kernel 5.4: Version 05.45.49
Kernel 5.5: Version 05.53.50
Kernel 5.6: Version 05.60.50

Acknowledgements

Revision History

Revision #: 1
Date: 2024-01-09
Description: Initial Release
