Insyde's Security Pledge
Recent Security Advisories
INSYDE-SA-2024015
Product
CVSS Score
Original Date
Last Revised
InsydeH2O
7.2
2025-04-08
Summary
AcpiS3SaveDxe/ChipsetSvcDxe: A potential DXE memory corruption vulnerability
Vulnerability Details
CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
The use of a pointer originating from the value of an NVRAM variable as the target of a write operation. This type of vulnerability can be used by an attacker to perform arbitrary writes, potentially leading to arbitrary code execution.
Solution Information
kernel 5.2, Version 05.29.44
kernel 5.3, Version 05.38.44
kernel 5.4, Version 05.46.44
kernel 5.5, Version 05.54.44
kernel 5.6, Version 05.61.44
kernel 5.7, Version 05.70.44
Acknowledgements
Revision History
Revision #
Date
Description
1
2025-04-08
Initial Release