Insyde's Security Pledge

Recent Security Advisories

INSYDE-SA-2021004

Product: InsydeH2O

CVSS Score: 4.9

Original Date: 2021-12-14

Last Revised:

Summary

Insyde iscflashx64.sys Driver IOCTL Code 0x22229a: User-Controllable NumberOfBytes Leads to System Crash (or Potential Memory Corruption).

Vulnerability Details

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CVE-2021-33834

The driver iscflashx64.sys, included in Insyde's Client H2OFFT (Flash Firmware Tool), has a potential vulnerability that might allow an authorized user to leak information and could lead to a system crash.

Solution Information

Update to Insyde Client H2OFFT version 3.00.01.00 or a newer version.

Acknowledgements

Revision History

Revision #: 1

Date: 2021-12-14

Description: Initial Release