OL 2025 080402

Description:

Fix several critical vulnerabilities of specified BIOS versions, preventing damage from those vulnerabilities being exploited.

OnLogic Security Advisory ID: OL-2025-080402

Type: Advisory

Fixed Vulnerabilities:

Vulnerability

Description

CVSS Base Score

CVSS Vector String

Found version

Fixed version

CVE-2023-40238

OOB Write in RLE4 decode routine during BMP file processing in Insyde firmware.

5.5

CVSS:3.1 /AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

V2.05

V2.15

CVE-2021-41842,CVE-2024-27353 CVE-2024-25079,CVE-2024-25078 CVE-2022-36448,CVE-2022-35895 CVE-2022-35893,CVE-2022-35408 CVE-2022-34325,CVE-2022-24069 CVE-2022-24031,CVE-2022-24030 CVE-2021-45971,CVE-2021-45970 CVE-2021-45969,CVE-2021-43323 CVE-2021-42554,CVE-2021-41841 CVE-2021-41839,CVE-2021-41838 CVE-2021-41837,CVE-2021-33625, CVE-2022-46897,CVE-2022-35894

Fix issues discovered in InsydeH2O

7.5 ~ 8.2

CVSS:3.1 /AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

V2.05

V2.15

CVE-2023-45230,CVE-2023-45232, CVE-2023-45233,CVE-2023-45234

Fix ipv6 issues discovered in EDK2

7.5 ~ 8.3

CVSS:3.1 /AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

V2.05

V2.15

BRLY-2023-002

Found and fix unsafe code flow.

8.2

AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

V2.05

V2.15

First Public Date: 2025/03/11

Last Update Date: 2025/03/11

Affected Products:

Karbon 800 Series by OnLogic

Update BIOS version to V2.15

PreviousOL 2025 080102 NextOL 2025 090102