Insyde's Security Pledge

INSYDE-SA-2024003

Product: InsydeH2O
CVSS Score: 5.6
Original Date: 2025-12-09
Last Revised:

Summary

[EDK2]UsbKbDxe: Uncleared password keystrokes in circular queue might lead to information disclosure or escalation of privilege

Vulnerability Details

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CVE-2024-38798

When a password is entered, the keystrokes are stored in a circular queue, but this queue is not cleared after password entry. In some cases this makes it possible to snoop some or all of the password characters later by directly examining the memory that was used, leading to possible information disclosure or escalation of privileges.

CWE-312: Cleartext Storage of Sensitive Information
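
The weakness described above, shown as an added example that is not taken from EDK2 or from Insyde's fix: a circular key queue whose read path only advances an index, next to a read path that overwrites each slot once it is consumed. The type, the function names, the queue size and the sample password are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define QUEUE_SLOTS 8  /* constructed size, not a value from the firmware */

typedef struct {
    uint16_t slot[QUEUE_SLOTS];  /* one key code per slot */
    size_t head;                 /* next slot to read */
    size_t tail;                 /* next slot to write */
} key_queue;                     /* hypothetical type, not the EDK2 structure */

/* Store one keystroke; returns 0 when the queue is full. */
int kq_push(key_queue *q, uint16_t key) {
    size_t next = (q->tail + 1) % QUEUE_SLOTS;
    if (next == q->head) return 0;
    q->slot[q->tail] = key;
    q->tail = next;
    return 1;
}

/* Read one keystroke. With scrub == 0 only the index moves, so the key code
 * stays in memory after it has been consumed (the CWE-312 pattern). With
 * scrub != 0 the slot is overwritten; the volatile access keeps the compiler
 * from discarding the store as dead. */
int kq_pop(key_queue *q, uint16_t *key, int scrub) {
    if (q->head == q->tail) return 0;
    *key = q->slot[q->head];
    if (scrub) ((volatile uint16_t *)q->slot)[q->head] = 0;
    q->head = (q->head + 1) % QUEUE_SLOTS;
    return 1;
}

/* Number of non-zero slots: what a later look at this memory would find. */
size_t kq_residue(const key_queue *q) {
    size_t n = 0;
    for (size_t i = 0; i < QUEUE_SLOTS; i++)
        if (q->slot[i] != 0) n++;
    return n;
}

/* Type a constructed 6-character password, consume it, report what is left. */
size_t demo_residue(int scrub) {
    static const char typed[] = "hunter";  /* constructed sample input */
    key_queue q = {0};
    uint16_t key;
    for (size_t i = 0; typed[i] != '\0'; i++) kq_push(&q, (uint16_t)typed[i]);
    while (kq_pop(&q, &key, scrub)) { }
    return kq_residue(&q);
}
```

With the index-only read, all six key codes remain in the buffer after the queue reports empty; with the scrubbing read, none do.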

Solution Information

Kernel 5.2: Version 05.2A.36
Kernel 5.3: Version 05.39.36
Kernel 5.4: Version 05.47.36
Kernel 5.5: Version 05.55.36
Kernel 5.6: Version 05.62.36
Kernel 5.7: Version 05.71.36

Acknowledgements

Revision History

Revision #: 1
Date: 2025-12-09
Description: Initial Release