Description:
Fix several critical vulnerabilities of specified BIOS versions, preventing damage from those vulnerabilities being exploited.
OnLogic Security Advisory ID: OL-2025-080102
Type: Advisory
Fixed Vulnerabilities:
| Vulnerability | Description | CVSS Base Score | CVSS Vector String | Found version | Fixed version |
|---|---|---|---|---|---|
| CVE-2023-45230,CVE-2023-45232, CVE-2023-45233,CVE-2023-45234, CVE-2023-45238 | Fix ipv6 issues discovered in EDK2 | 6.3 ~ 8.3 | CVSS:3.1 /AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H | V1.55 | V1.59 |
| BRLY-2022-020 | Fix potential vulnerability in Insyde H20 | 7.7 | AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H | V1.55 | V1.59 |
| BRLY-2023-005 | Found unsafe code flow and fixed it | 8.2 | AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | V1.55 | V1.59 |
| BRLY-2023-002 | Found unsafe code flow and fixed it | 8.2 | AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | V1.55 | V1.59 |
| BRLY-LOGOFAIL-2023-001, BRLY-LOGOFAIL-2023-002,BRLY-LOGOFAIL-2023-003,BRLY-LOGOFAIL-2023-008,BRLY-LOGOFAIL-2023-010, BRLY-LOGOFAIL-2023-011 | Found unsafe code flow and fixed it | 6-8 | AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | V1.55 | V1.59 |
First Public Date: 2025/3/11
Last Update Date: 2025/3/11
Affected Products:
Recommendation:
Update UEFI FW version to V1.59