INSYDE-SA-2026001
Product: InsydeH2O
CVSS Score: Multiple
Original Date: 2026-05-12
Last Revised:
Summary
Code change to accommodate OpenSSL 3.0.19
Vulnerability Details
CVSS Vector: Multiple
InsydeH2O code was changed to accommodate OpenSSL 3.0.19, which addresses the following vulnerabilities.
1. CVE-2025-15467 (High)
Description: Stack buffer overflow in CMS AuthEnvelopedData parsing.
Status: Affected
2. CVE-2025-68160 (Low)
Description: Heap out-of-bounds write in BIO_f_linebuffer on short writes.
Status: Not Affected
3. CVE-2025-69418 (Low)
Description: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls.
Status: Not Affected
4. CVE-2025-69419 (Low)
Description: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion.
Status: Not Affected
5. CVE-2025-69420 (Low)
Description: Missing ASN1_TYPE validation in TS_RESP_verify_response() function.
Status: Not Affected
6. CVE-2025-69421 (Low)
Description: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function.
Status: Affected
7. CVE-2026-22795 (Low)
Description: Missing ASN1_TYPE validation in PKCS#12 parsing.
Status: Not Affected
8. CVE-2026-22796 (Low)
Description: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function.
Status: Affected
Solution Information
Kernel 5.3: Version 05.3A.07
Kernel 5.4: Version 05.48.07
Kernel 5.5: Version 05.56.07
Kernel 5.6: Version 05.63.07
Kernel 5.7: Version 05.72.07
Acknowledgements
Revision History
Revision #: 1
Date: 2026-05-12
Description: Initial Release