
Insyde UEFI Firmware: Multiple vulnerabilities enable code execution

by admin

The security alert issued for Insyde UEFI firmware has received an update from the BSI. An overview of the security hole, together with the latest updates and information about affected systems and products, follows here.

The Federal Office for Information Security (BSI) published an update on May 21, 2024 concerning the Insyde UEFI firmware security vulnerability first reported on January 9, 2024. The vulnerability affects the operating system BIOS/firmware and the products Debian Linux, Amazon Linux 2, Red Hat Enterprise Linux, Fedora Linux, Ubuntu Linux, Oracle Linux, Dell Computer, Insyde UEFI Firmware and Dell PowerEdge.

The latest manufacturer recommendations for updates, workarounds and security patches for this vulnerability can be found here: Red Hat Security Advisory RHSA-2024:3017 (from 22 May 2024). Further useful resources are listed later in this article.

Insyde UEFI firmware security notice – risk: medium

Risk level: 4 (moderate)
CVSS Base Score: 7.0
CVSS Temporal Score: 6.1
Remote attack: No

The Common Vulnerability Scoring System (CVSS) is used to assess the vulnerability of computer systems. The CVSS standard makes it possible to compare potential or actual security risks on the basis of various metrics, in order to create a priority list for countermeasures. The ratings “none”, “low”, “medium”, “high” and “critical” are used to express the severity levels of a vulnerability. The Base Score evaluates the requirements of an attack (including authentication, complexity, privileges and user interaction) and its consequences. The Temporal Score additionally takes into account conditions that may change over time, such as the availability of exploits or fixes. According to CVSS, the risk of the present vulnerability is rated as “medium” with a base score of 7.0.


Insyde UEFI Firmware Bug: Multiple vulnerabilities enable code execution

InsydeH2O UEFI BIOS is a proprietary, licensed UEFI BIOS firmware that supports Intel- and AMD-based computers.

A local attacker can exploit several vulnerabilities in the Insyde UEFI firmware to execute arbitrary program code.

The vulnerabilities are identified using the CVE (Common Vulnerabilities and Exposures) designation system by their individual serial numbers CVE-2022-36763, CVE-2022-36764 and CVE-2022-36765.

Systems affected by the security hole at a glance

Platforms
BIOS/Firmware

Products
Debian Linux (cpe:/o:debian:debian_linux)
Amazon Linux 2 (cpe:/o:amazon:linux_2)
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Fedora Linux (cpe:/o:fedoraproject:fedora)
Ubuntu Linux (cpe:/o:canonical:ubuntu_linux)
Oracle Linux (cpe:/o:oracle:linux)
Dell Computer (cpe:/o:dell:dell_computer)
Insyde UEFI Firmware
Dell PowerEdge T30
Dell PowerEdge T40

General steps for handling IT security gaps

  1. Users of the affected applications should keep them up to date. When security holes become known, manufacturers are required to fix them quickly by developing a patch or workaround. When new security updates are available, install them immediately.
  2. For information, see the sources listed in the next section. These usually contain further details about the latest version of the software in question and the availability of security patches or further recommendations.
  3. If you have any further questions or uncertainties, please contact your responsible administrator. IT security officers should check whenever a manufacturer makes a new security update available.

Sources for updates, patches and workarounds

Here you will find links with information about bug reports, security fixes and workarounds.


Red Hat Security Advisory RHSA-2024:3017 from 2024-05-22 (21.05.2024)
For more information, see:

Red Hat Security Advisory RHSA-2024:2264 from 2024-04-30 (29.04.2024)
For more information, see:

Oracle Linux Security Advisory ELSA-2024-12343 from 2024-04-25 (24.04.2024)
For more information, see:

Oracle Linux Security Advisory ELSA-2024-20865 from 2024-04-25 (24.04.2024)
For more information, see:

Fedora Security Advisory FEDORA-2024-A9DEAD34C5 from 2024-02-26 (26.02.2024)
For more information, see:

Dell Security Advisory DSA-2024-081 from 2024-02-21 (20.02.2024)
For more information, see:

Amazon Linux Security Advisory ALAS-2024-2465 from 2024-02-19 (19.02.2024)
For more information, see:

Debian Security Advisory DSA-5624 from 2024-02-14 (14.02.2024)
For more information, see:

Ubuntu Security Notice USN-6638-1 from 2024-02-15 (14.02.2024)
For more information, see:

Dell Security Advisory DSA-2023-191 from 2024-01-11 (10.01.2024)
For more information, see:

Lenovo Security Advisory LEN-115697 from 2024-01-09 (09.01.2024)
For more information, see:

Insyde Security Advisory 2023031 from 2024-01-09 (09.01.2024)
For more information, see:

Version history of this security alert

This is version 9 of this IT security notice for Insyde UEFI firmware. If further updates are announced, this document will be updated. The changes made can be seen in the version history below.

January 9, 2024 – First version
January 10, 2024 – New updates from Dell added
February 14, 2024 – New updates for Ubuntu and Debian added
February 19, 2024 – New updates from Amazon added
February 20, 2024 – New updates from Dell added
February 26, 2024 – New updates from Fedora added
April 24, 2024 – New updates for Oracle Linux added
April 29, 2024 – New updates from Red Hat added
May 21, 2024 – New updates from Red Hat added


+++ Editorial note: This document is based on current BSI data and will be updated as the status of the alert changes. We welcome suggestions and comments at [email protected]. +++


kns/roj/news.de
