Insyde's Security Pledge
Recent Security Advisories
INSYDE-SA-2023040
Product
CVSS Score
Original Date
Last Revised
InsydeH2O
6.1
2024-03-12
Summary
IhisiServiceSmm: A vulnerability in the module that could allow an attacker to modify UEFI variables.
Vulnerability Details
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:L
- CVE-2023-28149: A vulnerability in the IhisiServiceSmm module that could allow an attacker to modify UEFI variables.
CVSS: 6.1
CVSS Vector String: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:L
Solution Information
Solution Information:
kernel 5.2: Version in 05.28.42
kernel 5.3: Version in 05.37.42
kernel 5.4: Version in 05.45.39
kernel 5.5: Version in 05.53.39
kernel 5.6: Version in 05.60.39
Tool accommodation:
- H2OFFT:
For Client platforms
Win Package: 3.00.21.00 (Tool: v6.60 or newer)
Shell Package: 3.00.11.00 (Tool: v2.31 or newer)
For Server/Embedded platforms
Windows: v200.02.00.08 or newer
Shell: v200.02.00.08 or newer
Linux: v200.02.00.08 or newer - H2OUVE
Windows: 200.02.00.13 or newer
Shell: 200.02.00.13 or newer
Linux: 200.02.00.13 or newer - H2OOAE
Windows: v200.02.00.03 or newer
Shell: v200.02.00.03 or newer
Linux: v200.02.00.03 or newer
Acknowledgements
Revision History
Revision #
Date
Description
1
2024-03-12
Initial Release