Insyde's Security Pledge

Recent Security Advisories

INSYDE-SA-2024021

Product

CVSS Score

Original Date

Last Revised

InsydeH2O

6.7

2025-04-08

Summary

Howyar Reloader UEFI Application vulnerable to execution of unsigned software in a hardcoded path.

Vulnerability Details

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2024-7344

The Howyar UEFI Application “Reloader” (32-bit and 64-bit), distributed as part of SysReturn prior to version 10.2.02320240919, is vulnerable to the execution of arbitrary software from a hard-coded path. An attacker who successfully exploits this vulnerability can bypass the UEFI Secure Boot feature and execute unsigned code during the boot process in the UEFI context.

Solution Information

Secure Boot DBX upgrade.

kernel 5.2, Version 05.2A.04
kernel 5.3, Version 05.39.04
kernel 5.4, Version 05.47.04
kernel 5.5, Version 05.55.04
kernel 5.6, Version 05.62.04
kernel 5.7, Version 05.71.04

Acknowledgements

Revision History

Revision #

Date

Description

2025-04-08

Initial Release

< Back to Security Pledge