Insyde's Security Pledge
Recent Security Advisories
INSYDE-SA-2023036
Product
CVSS Score
Original Date
Last Revised
InsydeH2O
4.1
2023-08-08
Summary
MeSetup UEFI variable may be overwritten and causes DOS attacks.
Vulnerability Details
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
UEFI implementations do not correctly protect and validate information contained in the ‘MeSetup’ UEFI variable. On some systems, this variable can be overwritten using operating system APIs. Exploitation of this vulnerability could potentially lead to denial of service for the platform.
Solution Information
Intel Mobile Platforms:
Raptor Lake: Version 05.45.11.0033
Raptor Lake: Version 05.45.11.0033
Alder Lake-N: Version 05.44.45.0016
Alder Lake: Version 05.44.34.0055
Rocket Lake: Version 05.42.52.0028
Tiger Lake: Version 05.43.12.0057
Intel Server/Embedded Platforms:
ElkhartLake: Version 05.45.07.0020
Alder Lake-N: Version 05.45.07.0003
AMD Platforms:
Unaffected.
Acknowledgements
Revision History
Revision #
Date
Description
1
2023-08-08
Initial Release