Insyde's Security Pledge
Insyde Security Advisory 2023040
Insyde ID | Advisory Category | Impact of Vulnerability | Severity Rating | Original Date | Last Revised |
INSYDE-SA-2023040 | Software | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:L | 6.1 | 03/12/2024 | 03/12/2024 |
Summary:
IhisiServiceSmm: A vulnerability in the module that could allow an attacker to modify UEFI variables.
Vulnerability Details:
- CVE-2023-28149: A vulnerability in the IhisiServiceSmm module that could allow an attacker to modify UEFI variables.
CVSS: 6.1
CVSS Vector String: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:L - H2OFFT:
For Client platforms
Win Package: 3.00.21.00 (Tool: v6.60 or newer)
Shell Package: 3.00.11.00 (Tool: v2.31 or newer)
For Server/Embedded platforms
Windows: v200.02.00.08 or newer
Shell: v200.02.00.08 or newer
Linux: v200.02.00.08 or newer - H2OUVE
Windows: 200.02.00.13 or newer
Shell: 200.02.00.13 or newer
Linux: 200.02.00.13 or newer - H2OOAE
Windows: v200.02.00.03 or newer
Shell: v200.02.00.03 or newer
Linux: v200.02.00.03 or newer
Solution Information:
kernel 5.2: Version in 05.28.42
kernel 5.3: Version in 05.37.42
kernel 5.4: Version in 05.45.39
kernel 5.5: Version in 05.53.39
kernel 5.6: Version in 05.60.39
Tool accommodation:
Revision History:
Revision | Date | Description |
1.0 | 03/12/2024 | Initial Release |
- | - | - |