CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2023-40238
https://notcve.org/view.php?id=CVE-2023-40238
A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a specific address during the DXE phase of UEFI execution. This occurs because of an integer signedness error involving PixelHeight and PixelWidth during RLE4/RLE8 compression. Se descubrió un problema de LogoFAIL en BmpDecoderDxe en Insyde InsydeH2O con kernel 5.2 anterior a 05.28.47, 5.3 anterior a 05.37.47, 5.4 anterior a 05.45.47, 5.5 anterior a 05.53.47 y 5.6 anterior a 05.60.47 para ciertos dispositivos Lenovo. El análisis de imágenes de archivos de logotipos BMP manipulados puede copiar datos a una dirección específica durante la fase DXE de la ejecución UEFI. • https://binarly.io/posts/finding_logofail_the_dangers_of_image_parsing_during_system_boot/index.html https://security.netapp.com/advisory/ntap-20240105-0002 https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2023053 https://www.kb.cert.org/vuls/id/811862 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-39283
https://notcve.org/view.php?id=CVE-2023-39283
An SMM memory corruption vulnerability in the SMM driver (SMRAM write) in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to send arbitrary data to SMM which could lead to privilege escalation. Una vulnerabilidad de corrupción de memoria SMM en el controlador SMM (SMRAM write) en CsmInt10HookSmm en Insyde InsydeH2O con kernel 5.0 a 5.5 permite a atacantes enviar datos arbitrarios a SMM, lo que podría conducir a una escalada de privilegios. • https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2023055 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-39284
https://notcve.org/view.php?id=CVE-2023-39284
An issue was discovered in IhisiServicesSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There are arbitrary calls to SetVariable with unsanitized arguments in the SMI handler. Se descubrió un problema en IhisiServicesSmm en Insyde InsydeH2O con kernel 5.0 a 5.5. Hay llamadas arbitrarias a SetVariable con argumentos no sanitizados en el controlador SMI. • https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2023056 •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2023-30633
https://notcve.org/view.php?id=CVE-2023-30633
An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5. It can report false TPM PCR values, and thus mask malware activity. Devices use Platform Configuration Registers (PCRs) to record information about device and software configuration to ensure that the boot process is secure. (For example, Windows uses these PCR measurements to determine device health.) A vulnerable device can masquerade as a healthy device by extending arbitrary values into Platform Configuration Register (PCR) banks. • https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2023045 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-34195
https://notcve.org/view.php?id=CVE-2023-34195
An issue was discovered in SystemFirmwareManagementRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The implementation of the GetImage method retrieves the value of a runtime variable named GetImageProgress, and later uses this value as a function pointer. This variable is wiped out by the same module near the end of the function. By setting this UEFI variable from the OS to point into custom code, an attacker could achieve arbitrary code execution in the DXE phase, before several chipset locks are set. Se descubrió un problema en SystemFirmwareManagementRuntimeDxe en Insyde InsydeH2O con kernel 5.0 a 5.5. • https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2023052 •