INSYDE-SA-2024007

Product    CVSS Score  Original Date  Last Revised
InsydeH2O  5.3         2024-11-12

Summary

IhisiServiceSmm: A vulnerability in the module could allow an attacker to modify UEFI variables.

Vulnerability Details

CVSS Vector: 3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N

CVE-2024-39707

By default, IHISI function 0x49 can restore factory defaults for certain UEFI variables without further authentication, which could lead to a roll-back attack on certain platforms.

This has the same root cause as CVE-2023-28149 but with different impact.

Solution Information

kernel 5.2: Version 05.29.19
kernel 5.3: Version 05.38.19
kernel 5.4: Version 05.46.19
kernel 5.5: Version 05.54.19
kernel 5.6: Version 05.61.19

Acknowledgements

Revision History

Revision #  Date        Description
1           2024-11-12  Initial Release