OnLogic Security Advisory Karbon 800 Series <OL-2024-080401>

Description:

Fixes several critical vulnerabilities in the specified BIOS versions, preventing damage from exploitation of those vulnerabilities.

OnLogic Security Advisory ID: OL-2024-080401

Type: Advisory

Fixed Vulnerabilities:

| Vulnerability | Description | CVSS Base Score | CVSS Vector String | Found version | Fixed version |
|---|---|---|---|---|---|
| CVE-2023-40238 | OOB Write in RLE4 decode routine during BMP file processing in Insyde firmware. | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | V2.05 | V2.08 |
| CVE-2021-41842, CVE-2024-27353, CVE-2024-25079, CVE-2024-25078, CVE-2022-36448, CVE-2022-35895, CVE-2022-35893, CVE-2022-35408, CVE-2022-34325, CVE-2022-24069, CVE-2022-24031, CVE-2022-24030, CVE-2021-45971, CVE-2021-45970, CVE-2021-45969, CVE-2021-43323, CVE-2021-42554, CVE-2021-41841, CVE-2021-41839, CVE-2021-41838, CVE-2021-41837, CVE-2021-33625, CVE-2022-46897, CVE-2022-35894 | Fix issues discovered in InsydeH2O | 7.5 ~ 8.2 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | V2.05 | V2.08 |
| CVE-2023-45230, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234 | Fix IPv6 issues discovered in EDK2 | 7.5 ~ 8.3 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H | V2.05 | V2.08 |

First Public Date: 2024/10/15

Last Update Date: 2024/10/15

Affected Products:

Recommendation:

Update the BIOS to version V2.08.

Updated on November 4, 2024
