Insyde Security Advisory 2023031

Insyde ID: INSYDE-SA-2023031
Advisory Category: Software
Impact of Vulnerability: Refer to details below
Severity Rating: 7
Original Date: 01/09/2024
Last Revised: 01/09/2024

Summary:

VU#275256
Vulnerabilities in the EDK2 reference implementation of the UEFI Specification.

Vulnerability Details:

  1. CVE-2022-36763: Heap Buffer Overflow in Tcg2MeasureGptTable()
    CVSS: 7
    CVSS Vector String: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H
  2. CVE-2022-36764: Heap Buffer Overflow in Tcg2MeasurePeImage()
    CVSS: 7
    CVSS Vector String: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H
  3. CVE-2022-36765: Integer Overflow in CreateHob() could lead to HOB OOB R/W (InsydeH2O is unaffected)
    CVSS: 7
    CVSS Vector String: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

Solution Information:
Kernel 5.2: Version 05.28.49
Kernel 5.3: Version 05.37.49
Kernel 5.4: Version 05.45.49
Kernel 5.5: Version 05.53.50
Kernel 5.6: Version 05.60.50

Revision History:

Revision: 1.0
Date: 01/09/2024
Description: Initial Release
