Insyde's Security Pledge

Recent Security Advisories

INSYDE-SA-2024022

Product: InsydeH2O
CVSS Score: 6.3
Original Date: 2025-08-12
Last Revised:

Summary

[EDK2] iSCSI Remote Memory Corruption and Denial of Service

Vulnerability Details

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H

CVE-2024-38805

Description: A malicious iSCSI target could reply to the iSCSI initiator with a malformed packet, causing out-of-bounds memory reads and writes. This most likely leads to a denial of service, as the write primitive should not be exploitable.

Solution Information

kernel 5.2, Version 05.29.51
kernel 5.3, Version 05.38.51
kernel 5.4, Version 05.46.51
kernel 5.5, Version 05.54.51
kernel 5.6, Version 05.61.51
kernel 5.7, Version 05.70.51

Acknowledgements

Revision History

Revision #: 1
Date: 2025-08-12
Description: Initial Release