
INSYDE-SA-2024006
Product: InsydeH2O
CVSS Score: 5.3
Original Date: 2024-09-10
Last Revised:
Summary
[EDK2] FirmwarePerformancePei: Potential UINT32 overflow and subsequent divide by 0.
Vulnerability Details
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
CVE-2024-1298:
BRLY-2023-021, BZ-4677
An attacker with the ability to modify physical memory can control the value of AcpiS3ResumeRecord->ResumeCount. This could cause a system crash, leading to a DoS.
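A simplified C model of the overflow-then-divide arithmetic named in the summary, added here as an illustration; it is not EDK2 or Insyde code and not the shipped fix. Apart from ResumeCount, the struct fields and function names are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of the S3 resume record. Only ResumeCount is a name
 * from the advisory; the other fields and both functions are assumptions. */
typedef struct {
    uint32_t ResumeCount;   /* S3 resumes counted so far */
    uint64_t FullResume;    /* duration of the resume just completed */
    uint64_t AverageResume; /* running average of resume durations */
} S3_RESUME_RECORD_MODEL;

/* Unchecked pattern: if ResumeCount is 0xFFFFFFFF, the increment wraps to 0
 * and the next line divides by zero. Shown for comparison only. */
void update_average_unchecked(S3_RESUME_RECORD_MODEL *r)
{
    uint64_t total = r->AverageResume * r->ResumeCount;
    r->ResumeCount++;
    r->AverageResume = (total + r->FullResume) / r->ResumeCount;
}

/* Checked pattern: the record lives in memory that may have been modified,
 * so validate it before any arithmetic. Returns false and leaves the record
 * untouched when the update cannot be computed safely. */
bool update_average_checked(S3_RESUME_RECORD_MODEL *r)
{
    if (r->ResumeCount == UINT32_MAX)
        return false; /* increment would wrap the divisor to 0 */
    if (r->ResumeCount != 0 && r->AverageResume > UINT64_MAX / r->ResumeCount)
        return false; /* 64-bit product would wrap */
    uint64_t total = r->AverageResume * r->ResumeCount;
    if (total > UINT64_MAX - r->FullResume)
        return false; /* 64-bit sum would wrap */
    r->ResumeCount++;
    r->AverageResume = (total + r->FullResume) / r->ResumeCount;
    return true;
}

int main(void)
{
    /* Constructed sample records: {ResumeCount, FullResume, AverageResume} */
    S3_RESUME_RECORD_MODEL ok = { 3, 40, 10 };
    S3_RESUME_RECORD_MODEL bad = { UINT32_MAX, 40, 10 };
    printf("normal record accepted: %d\n", update_average_checked(&ok));
    printf("wrapping record accepted: %d\n", update_average_checked(&bad));
    return 0;
}
```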
Solution Information
kernel 5.2: Version 05.29.26
kernel 5.3: Version 05.38.26
kernel 5.4: Version 05.46.26
kernel 5.5: Version 05.54.26
kernel 5.6: Version 05.61.26
Acknowledgements
Thanks to Binarly for the coordinated disclosure.
Revision History
Revision #: 1
Date: 2024-09-10
Description: Initial Release