Description:
Fix several critical vulnerabilities of specified BIOS versions, preventing damage from those vulnerabilities being exploited.
OnLogic Security Advisory ID: OL-2024-080401
Type: Advisory
Fixed Vulnerabilities:
Vulnerability | Description | CVSS Base Score | CVSS Vector String | Found version | Fixed version |
---|---|---|---|---|---|
CVE-2023-40238 | OOB Write in RLE4 decode routine during BMP file processing in Insyde firmware. | 5.5 | CVSS:3.1 /AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | V2.05 | V2.08 |
CVE-2021-41842,CVE-2024-27353 CVE-2024-25079,CVE-2024-25078 CVE-2022-36448,CVE-2022-35895 CVE-2022-35893,CVE-2022-35408 CVE-2022-34325,CVE-2022-24069 CVE-2022-24031,CVE-2022-24030 CVE-2021-45971,CVE-2021-45970 CVE-2021-45969,CVE-2021-43323 CVE-2021-42554,CVE-2021-41841 CVE-2021-41839,CVE-2021-41838 CVE-2021-41837,CVE-2021-33625, CVE-2022-46897,CVE-2022-35894 | Fix issues discovered in InsydeH2O | 7.5 ~ 8.2 | CVSS:3.1 /AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | V2.05 | V2.08 |
CVE-2023-45230,CVE-2023-45232, CVE-2023-45233,CVE-2023-45234 | Fix ipv6 issues discovered in EDK2 | 7.5 ~ 8.3 | CVSS:3.1 /AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H | V2.05 | V2.08 |
First Public Date: 2024/10/15
Last Update Date: 2024/10/15
Affected Products:
Recommendation:
Update BIOS version to V2.08