csaf_certbund - wid-sec-w-2023-2021

wid-sec-w-2023-2021

Vulnerability from csaf_certbund

Published

2023-08-08 22:00

Modified

2023-12-03 23:00

Summary

Insyde UEFI Firmware: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

InsydeH2O UEFI BIOS ist eine proprietäre, lizenzierte UEFI-BIOS-Firmware, die Intel und AMD basierte Computer unterstützt.

Angriff

Ein lokaler Angreifer kann mehrere Schwachstellen in Insyde UEFI Firmware ausnutzen, um Dateien zu manipulieren, einen Denial of Service zu verursachen oder Informationen offenzulegen.

Betroffene Betriebssysteme

- BIOS/Firmware

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "InsydeH2O UEFI BIOS ist eine propriet\u00e4re, lizenzierte UEFI-BIOS-Firmware, die Intel und AMD basierte Computer unterst\u00fctzt.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in Insyde UEFI Firmware ausnutzen, um Dateien zu manipulieren, einen Denial of Service zu verursachen oder Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- BIOS/Firmware",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2021 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2021.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2021 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2021"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2023-324 vom 2023-12-01",
        "url": "https://www.dell.com/support/kbdoc/de-de/000217232/dsa-2023-324-security-update-for-an-dell-client-platform-insyde-uefi-bios-vulnerability"
      },
      {
        "category": "external",
        "summary": "Lenovo Security Advisory LEN-134879 vom 2023-08-09",
        "url": "https://support.lenovo.com/us/en/product_security/LEN-134879"
      },
      {
        "category": "external",
        "summary": "Insyde Security Advisory vom 2023-08-08",
        "url": "https://www.insyde.com/security-pledge/SA-2023047"
      },
      {
        "category": "external",
        "summary": "Insyde Security Advisory vom 2023-08-08",
        "url": "https://www.insyde.com/security-pledge/SA-2023036"
      },
      {
        "category": "external",
        "summary": "Insyde Security Advisory vom 2023-08-08",
        "url": "https://www.insyde.com/security-pledge/SA-2023038"
      }
    ],
    "source_lang": "en-US",
    "title": "Insyde UEFI Firmware: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-12-03T23:00:00.000+00:00",
      "generator": {
        "date": "2024-02-15T17:39:59.296+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2023-2021",
      "initial_release_date": "2023-08-08T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-08-08T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-12-03T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Dell aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Dell BIOS",
            "product": {
              "name": "Dell BIOS",
              "product_id": "T016637",
              "product_identification_helper": {
                "cpe": "cpe:/h:dell:bios:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Dell Computer",
            "product": {
              "name": "Dell Computer",
              "product_id": "T006498",
              "product_identification_helper": {
                "cpe": "cpe:/o:dell:dell_computer:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Insyde UEFI Firmware",
            "product": {
              "name": "Insyde UEFI Firmware",
              "product_id": "T026842",
              "product_identification_helper": {
                "cpe": "cpe:/h:insyde:uefi:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Insyde"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Lenovo BIOS",
            "product": {
              "name": "Lenovo BIOS",
              "product_id": "T005651",
              "product_identification_helper": {
                "cpe": "cpe:/h:lenovo:bios:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Lenovo Computer",
            "product": {
              "name": "Lenovo Computer",
              "product_id": "T026557",
              "product_identification_helper": {
                "cpe": "cpe:/h:lenovo:computer:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Lenovo"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-31041",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Insyde UEFI Firmware. Es ist m\u00f6glich Systempasswortinformationen optional im Klartext zu speichern. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T005651",
          "T006498",
          "T016637",
          "T026842",
          "T026557"
        ]
      },
      "release_date": "2023-08-08T22:00:00Z",
      "title": "CVE-2023-31041"
    },
    {
      "cve": "CVE-2023-27471",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Insyde UEFI Firmware. Die MeSetup UEFI-Variable wird nicht ausreichend gesch\u00fctzt und \u00fcberpr\u00fcft. In der Folge kann sie mithilfe von Betriebssystem-APIs \u00fcberschrieben werden. Ein privilegierter Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T005651",
          "T006498",
          "T016637",
          "T026842",
          "T026557"
        ]
      },
      "release_date": "2023-08-08T22:00:00Z",
      "title": "CVE-2023-27471"
    },
    {
      "cve": "CVE-2022-24351",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Insyde UEFI Firmware. Durch SPI-Injektion ist es m\u00f6glich, den FDM-Inhalt zu \u00e4ndern, nachdem er \u00fcberpr\u00fcft wurde. Dieser TOCTOU-Angriff k\u00f6nnte dazu verwendet werden, Daten und Code zu ver\u00e4ndern, die im weiteren Verlauf des Boot-Prozesses verwendet werden."
        }
      ],
      "product_status": {
        "known_affected": [
          "T005651",
          "T006498",
          "T016637",
          "T026842",
          "T026557"
        ]
      },
      "release_date": "2023-08-08T22:00:00Z",
      "title": "CVE-2022-24351"
    }
  ]
}

cve-2023-27471

Vulnerability from cvelistv5

Published

2023-08-18 00:00

Modified

2024-08-02 12:09

Severity

Summary

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. UEFI implementations do not correctly protect and validate information contained in the 'MeSetup' UEFI variable. On some systems, this variable can be overwritten using operating system APIs. Exploitation of this vulnerability could potentially lead to denial of service for the platform.

References

URL	Tags
https://www.insyde.com/security-pledge/SA-2023036

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:09:43.512Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.insyde.com/security-pledge/SA-2023036"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. UEFI implementations do not correctly protect and validate information contained in the \u0027MeSetup\u0027 UEFI variable. On some systems, this variable can be overwritten using operating system APIs. Exploitation of this vulnerability could potentially lead to denial of service for the platform."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-18T18:07:57.390587",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.insyde.com/security-pledge/SA-2023036"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-27471",
    "datePublished": "2023-08-18T00:00:00",
    "dateReserved": "2023-03-01T00:00:00",
    "dateUpdated": "2024-08-02T12:09:43.512Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-31041

Vulnerability from cvelistv5

Published

2023-08-14 00:00

Modified

2024-08-02 14:45

Severity

Summary

An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. System password information could optionally be stored in cleartext, which might lead to possible information disclosure.

References

URL	Tags
https://www.insyde.com/security-pledge/SA-2023047

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:45:24.965Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.insyde.com/security-pledge/SA-2023047"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. System password information could optionally be stored in cleartext, which might lead to possible information disclosure."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-14T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.insyde.com/security-pledge/SA-2023047"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-31041",
    "datePublished": "2023-08-14T00:00:00",
    "dateReserved": "2023-04-23T00:00:00",
    "dateUpdated": "2024-08-02T14:45:24.965Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-24351

Vulnerability from cvelistv5

Published

2023-12-16 00:00

Modified

2024-08-03 04:07

Severity

Summary

TOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5.2 before version 05.27.29, Kernel 5.3 before version 05.36.29, Kernel 5.4 version before 05.44.13, and Kernel 5.5 before version 05.52.13 allows an attacker to alter data and code used by the remainder of the boot process.

References

URL	Tags
https://www.insyde.com/security-pledge
https://www.insyde.com/security-pledge/SA-2023038

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:07:02.517Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.insyde.com/security-pledge"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.insyde.com/security-pledge/SA-2023038"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "TOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5.2 before version 05.27.29, Kernel 5.3 before version 05.36.29, Kernel 5.4 version before 05.44.13, and Kernel 5.5 before version 05.52.13 allows an attacker to alter data and code used by the remainder of the boot process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-16T01:17:43.374416",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.insyde.com/security-pledge"
        },
        {
          "url": "https://www.insyde.com/security-pledge/SA-2023038"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-24351",
    "datePublished": "2023-12-16T00:00:00",
    "dateReserved": "2022-02-02T00:00:00",
    "dateUpdated": "2024-08-03T04:07:02.517Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Action not permitted

wid-sec-w-2023-2021

Vulnerability from csaf_certbund

cve-2023-27471

Vulnerability from cvelistv5

cve-2023-31041

Vulnerability from cvelistv5

cve-2022-24351

Vulnerability from cvelistv5

Tags