INSYDE-SA-2022036
Product: InsydeH2O
CVSS Score: 5.6
Original Date: 2022-09-30
Last Revised:
Summary
Side-channel analysis may allow unauthorized disclosure of information.
Vulnerability Details
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
The original disclosure also describes issues that affect SMM when resuming to normal mode.
Solution Information
This issue is fixed in InsydeH2O, versions:
Kernel 5.0, unknown (End of Support)
Kernel 5.1, unknown (End of Support)
Kernel 5.2, version 05.23.47
Kernel 5.3, version 05.32.47
Kernel 5.4, version 05.40.47
Kernel 5.5, unaffected
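A fleet check against the fixed-version list above, as an added example that is not Insyde's code. It assumes the inventory already records each system's InsydeH2O kernel branch and kernel version string, and that versions within a branch order numerically field by field; the function names and inventory rows are hypothetical.

```python
import re

# Fix data transcribed from the "Solution Information" list above.
# A tuple is the first fixed version; None means the fix version is
# unknown (End of Support branch); UNAFFECTED marks a branch never affected.
UNAFFECTED = "unaffected"
FIXED_IN = {
    "5.0": None,
    "5.1": None,
    "5.2": (5, 23, 47),
    "5.3": (5, 32, 47),
    "5.4": (5, 40, 47),
    "5.5": UNAFFECTED,
}

def parse_version(text):
    """Parse 'NN.NN.NN' into a tuple of ints, or raise ValueError."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"unrecognized version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def triage(kernel_branch, version):
    """Return 'fixed', 'vulnerable', 'unaffected', or 'unknown'."""
    if kernel_branch not in FIXED_IN:
        return "unknown"        # branch not listed in the advisory
    fix = FIXED_IN[kernel_branch]
    if fix == UNAFFECTED:
        return "unaffected"
    if fix is None:
        return "unknown"        # End of Support: no fixed version published
    # Assumption: versions within a branch compare numerically, field by field.
    return "fixed" if parse_version(version) >= fix else "vulnerable"

# Constructed inventory rows (not real devices): (host, kernel branch, version).
INVENTORY = [
    ("lab-nb-01", "5.2", "05.23.47"),
    ("lab-nb-02", "5.3", "05.31.12"),
    ("lab-nb-03", "5.1", "05.12.30"),
    ("lab-nb-04", "5.5", "05.50.02"),
]

def report(inventory=INVENTORY):
    """Map each host to its triage status for this advisory."""
    return {host: triage(branch, ver) for host, branch, ver in inventory}

if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host}: {status}")
```

Systems reported as "unknown" on an End of Support branch have no published fixed version in this advisory and need a separate decision from the platform vendor.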
Acknowledgements
This issue was described by the Binarly efiXplorer team (https://www.binarly.io/advisories/BRLY-2022-028).
Revision History
Revision #  Date        Description
1           2022-09-30  Initial Release