Since our inception 20 years ago, security has been essential. Hundreds of OEMs and ODM partners have trusted us with enabling the platforms that form the foundation of their products, knowing we share their commitment to make them secure. Product security is a top priority with our company and an area of focus that we continue to improve upon every day.
- We sit on the security review team of the industry’s leading firmware standards body: the UEFI Security Response Team.
- We have internal product security experts that drive our Security Development Lifecycle (SDL) process within our BIOS and BMC firmware teams and evaluate existing and emerging threats.
- We issue regular and timely security alert bulletins when mitigations to vulnerabilities are discovered.
- We work closely with all of our silicon vendor partners to ensure the timely and critical delivery of microcode updates and other patches.
At Insyde, we work with the broader industry to identify, report, mitigate and disclose security vulnerabilities. We support you, our customers and partners, in closing the door to anything which compromises the security or privacy in your platforms. We take this role seriously, because if your firmware is not secure, your product is not secure.
This is our pledge to you. If you have any questions about Insyde Software’s commitment to security, I urge you to reach out to us at security.report@insyde.com.
Tim Lewis, Chief Technology Officer
Insyde Software Security Advisories for InsydeH2O UEFI Firmware:

| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Date (MM/DD/YYYY) | Last Revised |
| --- | --- | --- | --- | --- | --- |
| CVE-2024-1298 | 5.3 | [EDK2] FirmwarePerformancePei: Potential UINT32 overflow and subsequent divide by 0 | INSYDE-SA-2024006 | 09/10/2024 | 09/10/2024 |
| Multiple | 7.4 | SMM memory corruption vulnerability could lead to escalating privileges in SMM. (CWE-822) | INSYDE-SA-2024001 | 05/13/2024 | 05/13/2024 |
| CVE-2023-47252 | 4.7 | PnpSmm: Possible out of bounds in SMM communication buffer, leading to tampering. | INSYDE-SA-2023067 | 04/09/2024 | 04/09/2024 |
| CVE-2023-28149 | 6.1 | IhisiServiceSmm: A vulnerability in the module that could allow an attacker to modify UEFI variables. | INSYDE-SA-2023040 | 03/12/2024 | 03/12/2024 |
| Multiple | 5.3~8.3 | VU#132380: Vulnerabilities in EDK2 NetworkPkg IP stack implementation. | INSYDE-SA-2023066 | 01/16/2024 | 09/10/2024 |
| Multiple | 7 | VU#275256: Vulnerabilities in EDK2 Reference implementation of the UEFI Specification. | INSYDE-SA-2023031 | 01/09/2024 | 01/09/2024 |

Insyde Software Security Advisories for Supervyse BMC Firmware:

| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Date (MM/DD/YYYY) | Last Revised |
| --- | --- | --- | --- | --- | --- |
| Multiple | Low | Upgrade OpenSSL to 3.2.1 | INSYDE-SA-2024009 | 09/10/2024 | 09/10/2024 |
| CVE-2024-26306 | TBD | Upgrade iperf3 to 3.17 | INSYDE-SA-2024005 | 08/19/2024 | 08/19/2024 |
| Multiple | N/A | Upgrade libexpat to 2.6.2 | INSYDE-SA-2024004 | 05/13/2024 | 05/13/2024 |
| Multiple | 5.5~8.1 | Upgrade libcurl to 8.7.1 | INSYDE-SA-2024002 | 05/13/2024 | 05/13/2024 |
| Multiple | 5.3~6.5 | Upgrade to curl version 8.5.0 | INSYDE-SA-2023068 | 03/12/2024 | 03/12/2024 |
| CVE-2023-38545 | 9.8 | curl: SOCKS5 heap buffer overflow. | INSYDE-SA-2023065 | 01/09/2024 | 01/09/2024 |

Past Announcements
2023 Advisories
2022 Advisories
2021 and Previous Years Advisories