系微安全保證
系微自20年前成立以來,產品的安全可靠至關重要。數以百計的OEM及ODM合作夥伴信任我們,使我們能夠建立構成其產品基礎的平台,因為我們知道我們共同致力於確保其產品的安全性。產品安全是我們公司的首要任務,也是我們每天不斷改進的重點領域。
- 我們是業界領先的韌體標準機構安全審核小組成員之一; 即為UEFI安全響應小組。
- 我們擁有內部產品安全專家,可於我們的BIOS及BMC韌體團隊中推動我們的安全開發生命週期(SDL)流程,並評估現有與新出現的安全威脅。
- 當發現漏洞緩解時,我們會定期發布及時的安全警報公告。
- 我們緊密地與所有晶片供應商合作夥伴共同合作,以確保能及時和關鍵地提供微碼(microcode)更新和其他補救方法。
在系微,我們與廣泛的業界廠商合作,以查明、回報、緩解和披露安全漏洞。系微能提供給您與我們的客戶及合作夥伴在任何可能危及其平台安全性或隱私內容上的可靠支援。我們非常認真及嚴謹地擔任這個角色,因為如果您的韌體不安全,那麼您的產品就不安全了。
這是我們對您的保證,如果您對系微安全承諾上有任何疑問時,歡迎隨時透過此信箱 security.report@insyde.com 與我們聯繫。
系微首席技術長, Tim Lewis
Insyde Software Security Advisories for InsydeH2O UEFI Firmware:
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Date (MM/DD/YYYY) | Last Revised |
| CVE-2023-47252 | 4.7 | PnpSmm: Possible out of bounds in SMM communication buffer, leading to tampering. | INSYDE-SA-2023067 | 04/09/2024 | 04/09/2024 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Date (MM/DD/YYYY) | Last Revised |
| CVE-2023-28149 | 6.1 | IhisiServiceSmm: A vulnerability in the module that could allow an attacker to modify UEFI variables. | INSYDE-SA-2023040 | 03/12/2024 | 03/12/2024 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Date (MM/DD/YYYY) | Last Revised |
| Multiple | 5.3~8.3 | VU#132380 Vulnerabilities in EDK2 NetworkPkg IP stack implementation. |
INSYDE-SA-2023066 | 01/16/2024 | 01/16/2024 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Date (MM/DD/YYYY) | Last Revised |
| Multiple | 7 | VU#275256 Vulnerabilities in EDK2 Reference implementation of the UEFI Specification. |
INSYDE-SA-2023031 | 01/09/2024 | 01/09/2024 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Date (MM/DD/YYYY) | Last Revised |
| N/A | N/A | Code change to accommodate OpenSSL 1.1.1w | INSYDE-SA-2023062 | 12/12/2023 | 12/12/2023 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Date (MM/DD/YYYY) | Last Revised |
| CVE-2023-40238 | 5.5~6.1 | Improper input validation may be exploited via local access. | INSYDE-SA-2023053 | 12/06/2023 | 12/25/2023 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Date (MM/DD/YYYY) | Last Revised |
| N/A | Low | Code change to accommondate OpenSSL 1.1.1v | INSYDE-SA-2023059 | 11/14/2023 | 11/14/2023 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Date (MM/DD/YYYY) | Last Revised |
| CVE-2023-39284 | 6.1 | IhisiServicesSmm: Arbitrary calls to SetVariable with unsanitized arguments in SMI handler. | INSYDE-SA-2023056 | 10/31/2023 | 10/31/2023 |
| CVE-2023-39283 | 5.3 | CsmInt10HookSmm: SMM memory corruption vulnerability in SMM driver (SMRAM write). | INSYDE-SA-2023055 | 10/31/2023 | 10/31/2023 |
| CVE-2023-39281 | 4.1 | AsfSecureBootDxe: Stack buffer overflow vulnerability leading to arbitrary code execution during DXE phase. | INSYDE-SA-2023054 | 10/31/2023 | 10/31/2023 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Date (MM/DD/YYYY) | Last Revised |
| CVE-2023-30633 | 6.1 | TrEEConfigDriver: Vulnerable devices can report false TPM PCR values masking malware activity. | INSYDE-SA-2023045 | 10/10/2023 | 10/10/2023 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Date (MM/DD/YYYY) | Last Revised |
| CVE-2023-34195 | 5.3 | SystemFirmwareManagementRuntimeDxe: potential arbitrary code execution in the DXE phase. | INSYDE-SA-2023052 | 09/12/2023 | 09/12/2023 |
| H2O-0324-2302 | Low-Medium | Code change to accommodate OpenSSL 1.1.1u | INSYDE-SA-2023042 | 09/12/2023 | 09/12/2023 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Date (MM/DD/YYYY) | Last Revised |
| CVE-2023-2004 | 7.5 | Upgrade FreeType Build Tool to version 2.13.0 | INSYDE-SA-2023048 | 08/08/2023 | 08/08/2023 |
| CVE-2023-24932 | 5.1 | SysPasswordDxe: Cleartext storage of system password could lead to possible information disclosure. | INSYDE-SA-2023047 | 08/08/2023 | 08/08/2023 |
| CVE-2022-24351 | 5.9 | FDM TOCTOU access after measurement allows redirected code execution. | INSYDE-SA-2023038 | 08/08/2023 | 08/08/2023 |
| CVE-2023-27471 | 4.1 | MeSetup UEFI variable may be overwritten and causes DOS attacks. | INSYDE-SA-2023036 | 08/08/2023 | 08/08/2023 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Date (MM/DD/YYYY) | Last Revised |
| CVE-2023-24932 | 6.7 | Secure Boot Security Feature Bypass Vulnerability | INSYDE-SA-2023050 | 07/11/2023 | 07/11/2023 |
| H2O-0412-2301 | N/A | Secure Boot dbx update. | INSYDE-SA-2023044 | 07/11/2023 | 07/11/2023 |
| CVE-2023-28468 | 6.1 | FvbServicesRuntimeDxe: Exposes an SMI handler that allows an attacker to interact with the SPI flash. | INSYDE-SA-2023039 | 07/11/2023 | 07/11/2023 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Date (MM/DD/YYYY) | Last Revised |
| CVE-2023-26090 | 6.1 | Insyde Setup EFI Variable Lock Bypass Vulnerability | INSYDE-SA-2023034 | 06/13/2023 | 06/13/2023 |
| CVE-2021-38576 | 7.5 | [EDK2] Empty TPM Platform Auth | INSYDE-SA-2023026 | 06/13/2023 | 06/13/2023 |
| CVE-2022-46897 | 5.3 | The CapsuleIFWUSmm driver does not check the return value which may cause memory leak. | INSYDE-SA-2023018 | 06/13/2023 | 06/13/2023 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Date (MM/DD/YYYY) | Last Revised |
| Multiple | 5.9-7.4 | Code change to accommodate OpenSSL 1.1.1t | INSYDE-SA-2023029 | 05/09/2023 | 09/14/2023 |
| CVE-2019-17178 | 3.9 | Vulnerabilities in BIOS PNG Decoder libs | INSYDE-SA-2023016 | 05/09/2023 | 05/09/2023 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Date (MM/DD/YYYY) | Last Revised |
| CVE-2023-27373 | 6.4 | Insufficient TSEG Overlap Checks. | INSYDE-SA-2023035 | 05/05/2023 | 05/05/2023 |
| CVE-2023-25600 | 3.0 | OOB Read If “Console Redirection” EFI Variable Is Tampered. | INSYDE-SA-2023028 | 05/05/2023 | 05/05/2023 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Date (MM/DD/YYYY) | Last Revised |
| CVE-2022-24350 | 5.3 | IhisiSmm: Possible out of bounds in IHISI command buffer, leading to tampering. | INSYDE-SA-2023027 | 04/10/2023 | 04/10/2023 |
| CVE-2021-38575 | 8.1 | [EDK2] NetworkPkg/IScsiDxe: remotely exploitable buffer overflows. | INSYDE-SA-2023025 | 04/10/2023 | 04/10/2023 |
| CVE-2021-38578 | 8.2 | [EDK2] MdeModulePkg/PiSmmCore: SmmEntryPoint underflow. | INSYDE-SA-2023024 | 04/10/2023 | 04/10/2023 |
| CVE-2023-22613 | 7.3 | IhisiServicesSmm: Write To Attacker Controlled Address. | INSYDE-SA-2023023 | 04/10/2023 | 04/10/2023 |
| CVE-2023-22616 | 6.4 | IhisiServicesSmm: Save State Register Not Checked Before Use. | INSYDE-SA-2023022 | 04/10/2023 | 04/10/2023 |
| CVE-2023-22615 | 6.4 | IhisiServicesSmm: IHISI Subfunction Execution May Corrupt SMRAM. | INSYDE-SA-2023021 | 04/10/2023 | 04/10/2023 |
| CVE-2023-22614 | 7.9 | ChipsetSvcSmm: Insufficient Input Validation In BIOS Guard Updates. | INSYDE-SA-2023020 | 04/10/2023 | 04/10/2023 |
| CVE-2023-22612 | 8.1 | IhisiServicesSmm: Memory Corruption in FTBS SMI Handler | INSYDE-SA-2023019 | 04/10/2023 | 04/10/2023 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Date (MM/DD/YYYY) | Last Revised |
| CVE-2022-46758 | 6.4 | H2OSmmDebugPrintErrorLevelLib: Variable size is not initialized before calling GetVariable | INSYDE-SA-2023017 | 03/07/2023 | 03/07/2023 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Date (MM/DD/YYYY) | Last Revised |
| CVE-2022-32955 | 7.8 | DMA attacks on the NvmExpressDxe shared buffer used by SMM and non-SMM code could cause TOCTOU issues which could lead to corruption of SMRAM and escalation of privileges. | INSYDE-SA-2023015 | 02/14/2023 | 02/14/2023 |
| CVE-2022-32954 | 7.8 | DMA attacks on the SdMmcDevice shared buffer used by SMM and non-SMM code could cause TOCTOU issues which could lead to corruption of SMRAM and escalation of privileges. | INSYDE-SA-2023014 | 02/14/2023 | 02/14/2023 |
| CVE-2022-32953 | 7.8 | DMA attacks on the SdHostDriver shared buffer used by SMM and non-SMM code could cause TOCTOU issues which could lead to corruption of SMRAM and escalation of privileges. | INSYDE-SA-2023013 | 02/14/2023 | 02/14/2023 |
| CVE-2022-32478 | 7.5 | DMA attacks on the IdeBusDxe shared buffer used by SMM and non-SMM code could cause TOCTOU issues which could lead to corruption of SMRAM and escalation of privileges. | INSYDE-SA-2023010 | 02/14/2023 | 02/14/2023 |
| CVE-2022-32477 | 8.2 | DMA attacks on the FvbServicesRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU issues which could lead to corruption of SMRAM and escalation of privileges. | INSYDE-SA-2023009 | 02/14/2023 | 02/14/2023 |
| CVE-2022-32476 | 7.5 | DMA attacks on the AhciBusDxe shared buffer used by SMM and non-SMM code could cause TOCTOU issues which could lead to corruption of SMRAM and escalation of privileges. | INSYDE-SA-2023008 | 02/14/2023 | 02/14/2023 |
| CVE-2022-32475 | 8.2 | DMA attacks on the VariableRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU issues which could lead to corruption of SMRAM and escalation of privileges. | INSYDE-SA-2023007 | 02/14/2023 | 02/14/2023 |
| CVE-2022-32474 | 8.2 | DMA attacks on the StorageSecurityCommandDxe shared buffer used by SMM and non-SMM code could cause TOCTOU issues which could lead to corruption of SMRAM and escalation of privileges. | INSYDE-SA-2023006 | 02/14/2023 | 02/14/2023 |
| CVE-2022-32473 | 8.2 | DMA attacks on the HddPassword shared buffer used by SMM and non-SMM code could cause TOCTOU issues which could lead to corruption of SMRAM and escalation of privileges. | INSYDE-SA-2023005 | 02/14/2023 | 02/14/2023 |
| CVE-2022-32471 | 8.2 | DMA attacks on the IHISI command buffer could cause TOCTOU issues which could lead to corruption of SMRAM and escalation of privileges. | INSYDE-SA-2023003 | 02/14/2023 | 02/14/2023 |
| CVE-2022-32470 | 8.2 | DMA attacks on the FwBlockServiceSmm shared buffer used by SMM and non-SMM code could cause TOCTOU issues which could lead to corruption of SMRAM and escalation of privileges. | INSYDE-SA-2023002 | 02/14/2023 | 02/14/2023 |
| CVE-2022-32469 | 8.2 | DMA attacks on the PnpSmm shared buffer used by SMM and non-SMM code could cause TOCTOU issues which could lead to corruption of SMRAM and escalation of privileges. | INSYDE-SA-2023001 | 02/14/2023 | 02/14/2023 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Original Date | Last Revised |
| CVE-2022-30772 | 7.2 | Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory. | INSYDE-SA-2022065 | 11/14/2022 | 11/14/2022 |
| CVE-2022-30771 | 8.2 | Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions. | INSYDE-SA-2022064 | 11/14/2022 | 11/14/2022 |
| CVE-2022-30283 | 7.5 | In UsbCoreDxe, tampering with the contents of the USB working buffer using DMA while certain USB transactions are in process leads to a TOCTOU problem that could be used by an attacker to cause SMRAM corruption and escalation of privileges. | INSYDE-SA-2022063 | 11/14/2022 | 11/14/2022 |
| CVE-2022-29279 | 7.5 | Use of an untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice. | INSYDE-SA-2022062 | 11/14/2022 | 11/14/2022 |
| CVE-2022-29278 | 7.5 | Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory. | INSYDE-SA-2022061 | 11/14/2022 | 11/14/2022 |
| CVE-2022-29277 | 7.5 | Incorrect pointer checks within the FwBlockServiceSmm driver can allow arbitrary RAM modifications. | INSYDE-SA-2022060 | 11/14/2022 | 12/07/2022 |
| CVE-2022-29276 | 8.2 | SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. | INSYDE-SA-2022059 | 11/14/2022 | 11/14/2022 |
| CVE-2022-29275 | 7.8 | In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering | INSYDE-SA-2022058 | 11/14/2022 | 11/14/2022 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Original Date | Last Revised |
| CVE-2022-34325 | 7.8 | DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. | INSYDE-SA-2022057 | 11/08/2022 | 11/08/2022 |
| CVE-2022-33986 | 7.4 | DMA attacks on the parameter buffer used by the VariableRuntimeDxe software SMI handler could lead to a TOCTOU attack. | INSYDE-SA-2022056 | 11/08/2022 | 11/08/2022 |
| CVE-2022-33985 | 7.5 | DMA transactions which are targeted at input buffers used for the NvmExpressDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. | INSYDE-SA-2022055 | 11/08/2022 | 11/08/2022 |
| CVE-2022-33984 | 7.8 | Stack buffer overflow vulnerability leads to arbitrary code execution | INSYDE-SA-2022054 | 11/08/2022 | 11/08/2022 |
| CVE-2022-33983 | 7.8 | DMA transactions which are targeted at input buffers used for the NvmExpressLegacy software SMI handler could cause SMRAM corruption through a TOCTOU attack. | INSYDE-SA-2022053 | 11/08/2022 | 11/08/2022 |
| CVE-2022-33982 | 7.4 | DMA attacks on the parameter buffer used by the Int15ServiceSmm software SMI handler could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. | INSYDE-SA-2022052 | 11/08/2022 | 11/08/2022 |
| CVE-2022-33909 | 7.8 | DMA transactions which are targeted at input buffers used for the HddPassword software SMI handler could cause SMRAM corruption through a TOCTOU attack. | INSYDE-SA-2022051 | 11/08/2022 | 11/08/2022 |
| CVE-2022-33908 | 7.8 | DMA transactions which are targeted at input buffers used for the SdHostDriver software SMI handler could cause SMRAM corruption through a TOCTOU attack. | INSYDE-SA-2022050 | 11/08/2022 | 11/08/2022 |
| CVE-2022-33907 | 8.2 | DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack. | INSYDE-SA-2022049 | 11/08/2022 | 11/08/2022 |
| CVE-2022-33906 | 8.2 | DMA transactions which are targeted at input buffers used for the FwBlockServiceSmm software SMI handler could cause SMRAM corruption through a TOCTOU attack. | INSYDE-SA-2022048 | 11/08/2022 | 11/08/2022 |
| CVE-2022-33905 | 7.8 | DMA transactions which are targeted at input buffers used for the AhciBusDxe software SMI handler could cause SMRAM corruption (a TOCTOU attack). | INSYDE-SA-2022047 | 11/08/2022 | 11/08/2022 |
| CVE-2022-32267 | 4.4 | DMA transactions which are targeted at input buffers used for the SmmResourceCheckDxe software SMI handler cause SMRAM corruption (a TOCTOU attack). | INSYDE-SA-2022046 | 11/08/2022 | 11/08/2022 |
| CVE-2022-32266 | 3.9 | DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to corruption of other ACPI fields and adjacent memory fields (a TOCTOU attack). | INSYDE-SA-2022045 | 11/08/2022 | 11/08/2022 |
| CVE-2022-31243 | 7.5 | DMA transactions which are targeted at input buffers used for the software SMI handler used by the FvbServicesRuntimeDxe driver could cause SMRAM corruption (a TOCTOU attack). | INSYDE-SA-2022044 | 11/08/2022 | 11/08/2022 |
| CVE-2022-30774 | 7.5 | DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents of parameter values (a TOCTOU attack). | INSYDE-SA-2022043 | 11/08/2022 | 11/08/2022 |
| CVE-2022-30773 | 8.2 | DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values (a TOCTOU attack). | INSYDE-SA-2022042 | 11/08/2022 | 11/08/2022 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Original Date | Last Revised |
| CVE-2022-35897 | 7.6 | Stack buffer overflow vulnerability leads to arbitrary code execution | INSYDE-SA-2022041 | 11/04/2022 | 11/04/2022 |
| CVE-2022-35407 | 7.7 | Stack buffer overflow vulnerability leads to arbitrary code execution | INSYDE-SA-2022040 | 11/04/2022 | 11/04/2022 |
| CVE-2022-36337 | 7.7 | Stack buffer overflow vulnerability leads to arbitrary code execution | INSYDE-SA-2022039 | 11/04/2022 | 11/04/2022 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Original Date | Last Revised |
| CVE-2022-27405 | 3.6 | Some versions of InsydeH2O use the FreeType tools to embed fonts into the BIOS. InsydeH2O does not use the FreeType API at runtime and usage during build time does not produce a vulnerability in the BIOS. | INSYDE-SA-2022038 | 09/30/2022 | 09/30/2022 |
| VU#309662 CVE-2022-34302 CVE-2022-34301 CVE-2022-34303 |
8.2 | Signed third party UEFI bootloaders are vulnerable to Secure Boot bypass | INSYDE-SA-2022037 | 09/30/2022 | 09/30/2022 |
| CVE-2017-5715 | 5.6 | Side-channel analysis may allow unauthorized disclosure of information | INSYDE-SA-2022036 | 09/30/2022 | 09/30/2022 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Original Date | Last Revised |
| CVE-2022-35893 | 8.2 | SMM memory corruption vulnerability in SMM driver (SMRAM write) in InsydeH2O. | INSYDE-SA-2022035 | 09/21/2022 | 09/21/2022 |
| CVE-2022-35896 | 6.0 | SMM memory leak vulnerability in SMM driver (SMRAM read) in InsydeH2O. | INSYDE-SA-2022034 | 09/21/2022 | 09/21/2022 |
| CVE-2022-35895 | 8.2 | SMM memory corruption vulnerability in SMM driver (SMRAM write) in InsydeH2O. | INSYDE-SA-2022033 | 09/21/2022 | 09/21/2022 |
| CVE-2022-36448 | 8.2 | SMM memory corruption vulnerability in Software SMI handler in InsydeH2O | INSYDE-SA-2022032 | 09/21/2022 | 09/21/2022 |
| CVE-2022-35408 | 7.5 | SMM callout vulnerability in SMM driver (SMM arbitrary code execution) in InsydeH2O. | INSYDE-SA-2022031 | 09/21/2022 | 09/21/2022 |
| CVE-2022-35894 | 6.0 | SMM memory leak vulnerability in SMM driver (SMRAM read) in InsydeH2O. | INSYDE-SA-2022030 | 09/21/2022 | 09/21/2022 |
| CVE-2022-36338 | 7.5 | SMM callout vulnerability in SMM driver (SMM arbitrary code execution) in InsydeH2O. | INSYDE-SA-2022029 | 09/21/2022 | 09/21/2022 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Original Date | Last Revised |
| Refer to INSYDE-SA | 3.6 | Some versions of InsydeH2O use the FreeType tools to embed fonts into the BIOS. InsydeH2O does not use the FreeType API at runtime and usage during build time does not produce a vulnerability in the BIOS. | INSYDE-SA-2022028 | 07/05/2022 | 07/05/2022 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Original Date | Last Revised |
| CVE-2021-43613 | 6.5 | User and administrator password hashes are exposed in runtime UEFI variables, leading to escalation of privilege. | INSYDE-SA-2022027 | 02/21/2022 | - |
| CVE-2021-43614 | 6.7 | Error in handling the PlatformLangCodes UEFI variable could cause a buffer overflow, leading to resource exhaustion and failure. | INSYDE-SA-2022026 | 02/21/2022 | - |
| CVE-2021-38489 | 7.8 | HDD password stored in plaintext. | INSYDE-SA-2022025 | 02/21/2022 | - |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Original Date | Last Revised |
| CVE-2021-41837 | 8.2 | An unsafe pointer vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler. An attacker can use this unsafe pointer "current_ptr" to read or write or manipulate data into SMRAM. Exploitation of this vulnerability can lead to escalation of privileges reserved only for SMM using the SwSMI handler. | INSYDE-SA-2022024 | 02/01/2022 | 02/01/2022 |
| CVE-2021-41838 | 8.2 | An unsafe pointer vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler. An attacker can use this unsafe pointer "ptr" to read or write or manipulate data in the SMRAM. Exploitation of this vulnerability can lead to escalation of privileges reserved only for SMM using the SwSMI handler. | INSYDE-SA-2022023 | 02/01/2022 | 02/01/2022 |
| CVE-2021-33627 | 8.2 | A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution. | INSYDE-SA-2022022 | 02/01/2022 | 02/01/2022 |
| CVE-2021-33626 | 8.2 | A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution. | INSYDE-SA-2022021 | 02/01/2022 | 02/01/2022 |
| CVE-2021-41839 | 8.2 | A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated table variable EFI_BOOT_SERVICES. This can be used by an attacker to overwrite address location of any of the functions (FreePool,LocateHandleBuffer,HandleProtocol) to the address location of arbitrary code controlled by the attacker. On system call to SWSMI handler, the arbitrary code can be triggered to execute. | INSYDE-SA-2022020 | 02/01/2022 | 02/01/2022 |
| CVE-2021-41841 | 8.2 | A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated table variables EFI_BOOT_SERVICES and EFI_RUNTIME_SERVICES. This can be used by an attacker to overwrite address location of the function (LocateHandleBuffer) to the address location of arbitrary code controlled by the attacker. On system call to SWSMI handler, the arbitrary code can be triggered to execute. | INSYDE-SA-2022019 | 02/01/2022 | 02/01/2022 |
| CVE-2021-41840 | 7.5 | A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated table variable EFI_BOOT_SERVICES. This allows an attacker who is capable of executing code in DXE phase to exploit this vulnerability to escalate privileges to SMM. The attacker can overwrite the LocateProtocol or Freepool memory address location to execute unwanted code. | INSYDE-SA-2022018 | 02/01/2022 | 02/01/2022 |
| CVE-2020-5953 | 7.5 | A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT (EFI_RUNTIME_SERVICES) pointer to call a GetVariable service, which is located outside of SMRAM. This can result in code execution in SMM (escalating privilege from ring 0 to ring -2). | INSYDE-SA-2022017 | 02/01/2022 | 02/01/2022 |
| CVE-2021-43323 | 8.2 | SMM callout vulnerability allowing a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. | INSYDE-SA-2022016 | 02/01/2022 | 02/01/2022 |
| CVE-2022-24031 | 7.5 | SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. | INSYDE-SA-2022015 | 02/01/2022 | 02/01/2022 |
| CVE-2021-33625 | 7.5 | SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. | INSYDE-SA-2022014 | 02/01/2022 | 02/01/2022 |
| CVE-2021-43615 | 8.2 | SMM callout vulnerability allowing a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. | INSYDE-SA-2022013 | 02/01/2022 | 02/01/2022 |
| CVE-2021-42554 | 7.5 | SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. | INSYDE-SA-2022012 | 02/01/2022 | 02/01/2022 |
| CVE-2022-24030 | 7.5 | SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. | INSYDE-SA-2022011 | 02/01/2022 | 02/01/2022 |
| CVE-2022-24069 | 8.2 | SMM callout vulnerability allowing a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. | INSYDE-SA-2022010 | 02/01/2022 | 02/01/2022 |
| CVE-2021-43522 | 7.5 | SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. | INSYDE-SA-2022009 | 02/01/2022 | 02/01/2022 |
| CVE-2021-42113 | 8.2 | SMM callout vulnerability allowing a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. | INSYDE-SA-2022008 | 02/01/2022 | 02/01/2022 |
| CVE-2021-42060 | 7.5 | SMM callout vulnerability allowing a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. | INSYDE-SA-2022007 | 02/01/2022 | 02/01/2022 |
| CVE-2021-42059 | 8.2 | Stack overflow vulnerability that allows a local root user to access UEFI DXE driver and execute arbitrary code. | INSYDE-SA-2022006 | 02/01/2022 | 02/01/2022 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Original Date | Last Revised |
| CVE-2020-5956 | 7.2 | SdLegacySmm: Software SMI handler does not verify CommBuffer, allowing untrusted external input (CVE-2020-5956) | INSYDE-SA-2022005 | 01/04/2022 | 02/08/2022 |
| CVE-2021-41842 | 8.2 | AtaLegacySmm: SMI handler does not check CommBuffer leading to possible arbitrary code execution. | INSYDE-SA-2022004 | 01/04/2022 | 02/08/2022 |
| CVE-2021-45969 | 8.2 | A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(CommBuffer + 8 location). | INSYDE-SA-2022003 | 01/04/2022 | 02/08/2022 |
| CVE-2021-45970 | 8.2 | A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(status code saved at CommBuffer+4 location). | INSYDE-SA-2022002 | 01/04/2022 | 02/08/2022 |
| CVE-2021-45971 | 8.2 | A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(CommBufferData). | INSYDE-SA-2022001 | 01/04/2022 | 02/08/2022 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Original Date | Last Revised |
| CVE-2021-33834 | 4.9 | Insyde iscflashx64.sys Driver IOCTL CODE 0x22229a, User Controllable NumberOfBytes Lead to System Crash (or Potential Memory Corruption). | INSYDE-SA-2021004 | 12/14/2021 | 09/05/2023 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Original Date | Last Revised |
| CVE-2021-33627 | 8.2 | SMM code may allow content can be controlled by attacker who attains operating system privilege. | INSYDE-SA-2021003 | 11/29/2021 | 11/29/2021 |
| CVE-2020-27339 | 7.2 | A potential security vulnerability in the handler for IDE devices may allow escalation of privilege, or information disclosure. Insyde has released firmware updates to mitigate this potential vulnerability. | INSYDE-SA-2021001 | 06/14/2021 | 12/28/2021 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Original Date | Last Revised |
| CVE-2020-5955 | 7.2 | Uncontrolled input in the InsydeH2O Int15MicrosoftSmm driver to a software SMI function may allow the caller to gain elevated privileges. Fixed in different chipset-specific releases of InsydeH2O. Intel Skylake: 05.04.15.0001, Intel Skylake MRD: 05.05.39.0001, Intel Kaby Lake (Client): 05.10.48.0001, Intel Greenlow/Greenlow-R (Server/Embedded): 05.12.09.0075, Intel Kaby Lake MRD: 05.11.26.0015, Intel Cannon Lake: 05.21.43.0001, Intel Coffee Lake (Client): 05.21.43.0001, Intel Mehlow/Mehlow-R(Server/Embedded): 05.23.04.0045, Intel Whiskey Lake (Client): 05.21.43.0001, Intel Whiskey Lake RVP (Server/Embedded): 05.23.45.0023, Intel Whiskey Lake/Coffee Lake: 05.23.27.0001, Intel Comet Lake (Client): 05.32.47.0001, Intel Comet Lake RVP (Server/Embedded): 05.34.09.0030, Intel Ice Lake: 05.32.30.0001, Intel Tiger Lake: 05.41.35.0001, Intel Whitley-SP: 05.42.11.0026, Intel Grantley-EP: 05.04.21.0068, Intel Elkhart Lake: 05.42.09.0003 Intel Purley-EP Refresh Neon City: 05.21.51.0040 |
INSYDE-SA-2021002 | 10/21/2021 | 10/21/2021 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Original Date | Last Revised |
| CVE-2020-27339 | 7.2 | A potential security vulnerability in the handler for IDE devices may allow escalation of privilege, or information disclosure. Insyde has released firmware updates to mitigate this potential vulnerability. | INSYDE-SA-2021001 | 06/14/2021 | 07/02/2021 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Original Date | Last Revised |
| CVE-2020-5952 | 7.2 | AhciBusDxe: Improper input validation might lead to arbitrary code execution vulnerability at SMM level | INSYDE-SA-2020001 | 03/12/2024 | 03/12/2024 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Original Date | Last Revised |
| CVE-2019-12532 | 6.9 | Improper access control in the Insyde software tools may allow an authenticated user to potentially enable escalation of privilege, or information disclosure via local access. | INSYDE-SA-2019001 | 08/12/2019 | - |
Insyde Software Security Advisories for Supervyse BMC Firmware:
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Date (MM/DD/YYYY) | Last Revised |
| Multiple | 5.3~6.5 | Upgrade to curl version 8.5.0 | INSYDE-SA-2023068 | 03/12/2024 | 03/12/2024 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Date (MM/DD/YYYY) | Last Revised |
| CVE-2023-38545 | 9.8 | curl: SOCKS5 heap buffer overflow. | INSYDE-SA-2023065 | 01/09/2024 | 01/09/2024 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Date (MM/DD/YYYY) | Last Revised |
| CVE-2023-38039 | 7.5 | HTTP headers eat all memory. | INSYDE-SA-2023064 | 12/12/2023 | 12/12/2023 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Date (MM/DD/YYYY) | Last Revised |
| Multiple | Low | Upgrade OpenSSL to 1.1.1v | INSYDE-SA-2023060 | 11/14/2023 | 11/14/2023 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Date (MM/DD/YYYY) | Last Revised |
| CVE-2023-34969 | 6.5 | dbus: Unprivileged users to crash dbus-daemon. | INSYDE-SA-2023061 | 09/12/2023 | 09/12/2023 |
| CVE-2023-32001 | 5.5 | curl: fopen race condition | INSYDE-SA-2023058 | 09/12/2023 | 09/12/2023 |
| Multiple | Low-Medium | Upgrade OpenSSL to 1.1.1u | INSYDE-SA-2023043 | 09/12/2023 | 09/12/2023 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Date (MM/DD/YYYY) | Last Revised |
| Multiple | 3.7~7.5 | Upgrade curl to version 8.1.0 | INSYDE-SA-2023051 | 08/08/2023 | 08/08/2023 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Date (MM/DD/YYYY) | Last Revised |
| Multiple | 5.5-9.8 | Upgrade libcurl to 8.0.0 | INSYDE-SA-2023041 | 06/13/2023 | 06/13/2023 |
| Common Vulnerabilities and Exposures (CVE) | CVSS v3 Vulnerability Severity | Description | Insyde Security Advisory (SA) | Date (MM/DD/YYYY) | Last Revised |
| Multiple | 5.9-7.4 | Upgrade OpenSSL to 1.1.1t | INSYDE-SA-2023049 | 05/09/2023 | 05/09/2023 |
| Multiple | 6.5-9.1 | Upgrade libcurl to 7.88.0 | INSYDE-SA-2023030 | 05/09/2023 | 05/09/2023 |
Past Announcements
Insyde Software’s Security Teams have conducted thorough analysis for remote code execution vulnerabilities relating to Apache Log4j that was disclosed on December 9th 2021 and has found that its BIOS and BMC firmware products are not affected by CVE-2021-4428 and CVE-2021-45046.
- All InsydeH2O UEFI BIOS versions as well as all of its related Development Tools do not use Apache Log4j and are not vulnerable to these disclosed vulnerabilities.
- All Supervyse BMC Firmware versions do not use Apache Log4j and are not vulnerable to these disclosed vulnerabilities.
- All Insyde IT environment do not use Apache Log4j and are not vulnerable to these disclosed vulnerabilities