Insyde's Security Pledge

Recent Security Advisories

INSYDE-SA-2025001

Product

CVSS Score

Original Date

Last Revised

InsydeH2O

Low

2025-06-10

Summary

[OpenSSL]Timing side-channel in ECDSA signature computation.

Vulnerability Details

CVSS Vector: TBD

CVE-2024-13176

A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation.

Solution Information

Kernel 5.3, Version 05.39.09 (update TLS to OpenSSL 3.0.16)
Kernel 5.4, Version 05.47.09 (update TLS to OpenSSL 3.0.16)
Kernel 5.5, Version 05.55.09 (update TLS to OpenSSL 3.0.16)
Kernel 5.6, Version 05.62.09 (update TLS to OpenSSL 3.0.16)
Kernel 5.7, Version 05.71.09 (Code change to accommodate OpenSSL 3.0.16)

Acknowledgements

Revision History

Revision #

Date

Description

2025-06-10

Initial Release

< Back to Security Pledge