Insyde Security Advisory 2023054

Insyde ID Advisory Category Impact of Vulnerability Severity Rating Original Date Last Revised
INSYDE-SA-2023054 Software CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N 4.1 10/31/2023 10/31/2023


AsfSecureBootDxe: Stack buffer overflow vulnerability leading to arbitrary code execution during DXE phase.

Vulnerability Details:


A stack buffer overflow in AsfSecureBootDxe allows an attacker to execute arbitrary code during the DXE phase.

Solution Information:

Intel Mobile Platforms
Raptor Lake: Version
Alder Lake N: Version
Alder Lake: Version

AMD Mobile Platforms
Phoenix FP7_FP8 / Hawk Point 5.5: Version
Dragon Range: Version
Mendocino: Version
Raphael: Version
Rembrandt: Version:
VanGogh: Tag
Barcelo/Cezanne/Lucienne: Version

Intel Embedded/Server Platforms
Mehlow/Mehlow-R(CFL-S): Trunk
Tatlow (RKS): Trunk
TigerLake UP3/H: Trunk
AlderLake: Trunk
Raptor Lake: Trunk
Alder Lake N: Version


Thanks to the BINARLY efiXplorer team, 3rd party researchers, for reporting the vulnerability and engaging in this coordinated disclosure.

Revision History:

Revision  Date        Description
1.0       10/31/2023  Initial Release
--        --          --
