Insyde's Security Pledge
Recent Security Advisories
INSYDE-SA-2023052
Product
CVSS Score
Original Date
Last Revised
InsydeH2O
5.3
2023-09-12
Summary
SystemFirmwareManagementRuntimeDxe: potential arbitrary code execution in the DXE phase
Vulnerability Details
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N
An attacker could get arbitrary code execution in the DXE phase, before several chipset locks are set.
CWE-822
Solution Information
Kernel 5.2: Version 05.28.22
Kernel 5.3: Version 05.37.22
Kernel 5.4: Version 05.45.22
Kernel 5.5: Version 05.53.22
Kernel 5.6: Version 05.60.22
Acknowledgements
Revision History
Revision #
Date
Description
1
2023-09-12
Initial Release