Insyde Security Advisory 2023038

Insyde ID Advisory Category Impact of Vulnerability Severity Rating Original Date Last Revised
INSYDE-SA-2023038 Software CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N 5.9 08/08/2023 08/08/2023

Summary:

FDM TOCTOU access after measurement allows redirected code execution.

Vulnerability Details:

CVE-2022-24351

Using SPI injection, it is possible to modify the FDM contents after they have been measured. This TOCTOU (time-of-check to time-of-use) attack could be used to alter data and code used by the remainder of the boot process.
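
The measure-then-refetch pattern behind this class of TOCTOU issue, shown beside a single-copy pattern. This is an added C example, not Insyde's code and not a description of its fix. `flash_read`, `digest`, `consume` and the region contents are constructed stand-ins, and a toy FNV-1a digest replaces the real measurement hash.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define REGION_LEN 32

/* Constructed stand-in for a flash region whose contents change between
   reads; real firmware would be reading over the SPI bus. */
static unsigned flash_reads;
static void flash_reset(void) { flash_reads = 0; }
static void flash_read(uint8_t *dst, size_t len) {
    memset(dst, flash_reads++ == 0 ? 0x11 : 0x22, len);
}

/* Toy FNV-1a digest standing in for the real measurement hash. */
static uint32_t digest(const uint8_t *p, size_t len) {
    uint32_t h = 2166136261u;
    while (len--) { h ^= *p++; h *= 16777619u; }
    return h;
}

/* Later boot stage: acts on whatever bytes it is handed. */
static uint32_t consume(const uint8_t *region, size_t len) {
    return digest(region, len);
}

/* Pattern with the TOCTOU window: measure one read, consume a second read.
   Returns 1 if the consumed bytes match the measurement, 0 otherwise. */
int boot_refetch(void) {
    uint8_t buf[REGION_LEN];
    flash_read(buf, sizeof buf);
    uint32_t measured = digest(buf, sizeof buf);   /* time of check */
    flash_read(buf, sizeof buf);                   /* time of use: new fetch */
    return consume(buf, sizeof buf) == measured;
}

/* Hardened pattern: one fetch into memory, then measure and consume that copy. */
int boot_single_copy(void) {
    uint8_t copy[REGION_LEN];
    flash_read(copy, sizeof copy);
    uint32_t measured = digest(copy, sizeof copy);
    return consume(copy, sizeof copy) == measured;
}

int main(void) {
    flash_reset();
    int refetch_ok = boot_refetch();
    flash_reset();
    return (refetch_ok == 0 && boot_single_copy() == 1) ? 0 : 1;
}
```

With the refetch pattern the recorded measurement no longer describes what the later stage consumed; with the single copy the two always agree, whatever the flash returns on later reads.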

Solution Information:
Kernel 5.2: Version 05.27.29
Kernel 5.3: Version 05.36.29
Kernel 5.4: Version 05.44.13
Kernel 5.5: Version 05.52.13

Revision History:

Revision  Date        Description
1.0       08/08/2023  Initial Release
