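Since Insyde was founded 20 years ago, the security and reliability of our products have been critical. Hundreds of OEM and ODM partners trust us to build the platforms that form the foundation of their products, because we know that we share a commitment to ensuring the security of those products. Product security is our company's top priority and an area we work to improve every day.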

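  • We are one of the members of the security review group of the industry's leading firmware standards body, namely the UEFI Security Response Team.
  • We have in-house product security experts who drive our Security Development Lifecycle (SDL) process within our BIOS and BMC firmware teams and evaluate existing and emerging security threats.
  • When vulnerability mitigations are identified, we regularly publish timely security alert announcements.
  • We work closely with all of our silicon vendor partners to ensure timely and critical microcode updates and other remediation.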

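At Insyde, we work with a wide range of industry vendors to identify, report, mitigate and disclose security vulnerabilities. Insyde provides you, our customers and partners, with reliable support on anything that could compromise the security or privacy of your platforms. We take this role very seriously and rigorously, because if your firmware is not secure, then your product is not secure.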

This is our pledge to you. If you have any questions about Insyde's security commitment, feel free to contact us at any time at security.report@insyde.com.

Tim Lewis, Chief Technology Officer, Insyde


Insyde Software Security Advisories for InsydeH2O UEFI Firmware:

| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Date (MM/DD/YYYY) | Last Revised |
|---|---|---|---|---|---|
| CVE-2024-1298 | 5.3 | [EDK2] FirmwarePerformancePei: Potential UINT32 overflow and subsequent divide by 0 | INSYDE-SA-2024006 | 09/10/2024 | 09/10/2024 |
| Multiple | 7.4 | SMM memory corruption vulnerability could lead to escalating privileges in SMM. (CWE-822) | INSYDE-SA-2024001 | 05/13/2024 | 05/13/2024 |
| CVE-2023-47252 | 4.7 | PnpSmm: Possible out of bounds in SMM communication buffer, leading to tampering. | INSYDE-SA-2023067 | 04/09/2024 | 04/09/2024 |
| CVE-2023-28149 | 6.1 | IhisiServiceSmm: A vulnerability in the module that could allow an attacker to modify UEFI variables. | INSYDE-SA-2023040 | 03/12/2024 | 03/12/2024 |
| Multiple | 5.3~8.3 | VU#132380: Vulnerabilities in EDK2 NetworkPkg IP stack implementation. | INSYDE-SA-2023066 | 01/16/2024 | 09/10/2024 |
| Multiple | 7 | VU#275256: Vulnerabilities in EDK2 Reference implementation of the UEFI Specification. | INSYDE-SA-2023031 | 01/09/2024 | 01/09/2024 |

Insyde Software Security Advisories for Supervyse BMC Firmware:

| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Date (MM/DD/YYYY) | Last Revised |
|---|---|---|---|---|---|
| Multiple | Low | Upgrade OpenSSL to 3.2.1 | INSYDE-SA-2024009 | 09/10/2024 | 09/10/2024 |
| CVE-2024-26306 | TBD | Upgrade iperf3 to 3.17 | INSYDE-SA-2024005 | 08/19/2024 | 08/19/2024 |
| Multiple | N/A | Upgrade libexpat to 2.6.2 | INSYDE-SA-2024004 | 05/13/2024 | 05/13/2024 |
| Multiple | 5.5~8.1 | Upgrade libcurl to 8.7.1 | INSYDE-SA-2024002 | 05/13/2024 | 05/13/2024 |
| Multiple | 5.3~6.5 | Upgrade to curl version 8.5.0 | INSYDE-SA-2023068 | 03/12/2024 | 03/12/2024 |
| CVE-2023-38545 | 9.8 | curl: SOCKS5 heap buffer overflow. | INSYDE-SA-2023065 | 01/09/2024 | 01/09/2024 |

Past Announcements

2023 Advisories
2022 Advisories
2021 and Previous Years Advisories