CVE-2023-40238
high-risk
Published 2023-12-07
A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a specific address during the DXE phase of UEFI execution. This occurs because of an integer signedness error involving PixelHeight and PixelWidth during RLE4/RLE8 compression.
Do I need to act?
-
0.13% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10
Medium
LOCAL
/ LOW complexity
Affected Products (20)
Esprimo D556\/2 Firmware
Esprimo D6011 Firmware
Esprimo D6012 Firmware
Esprimo D7010 Firmware
Esprimo D7010\/8 Firmware
Esprimo D7011 Firmware
Esprimo D7012 Firmware
Esprimo D7013 Firmware
Esprimo D738 Firmware
Esprimo D757 Firmware
Esprimo D9010 Firmware
Esprimo D9011 Firmware
Esprimo D9012 Firmware
Esprimo D9013 Firmware
Esprimo D957 Firmware
Esprimo D957\/E9X\+ Firmware
Esprimo D958 Firmware
Esprimo G5010 Firmware
Esprimo G5011 Firmware
Esprimo G558 Firmware
References (10)
Third Party Advisory
https://security.netapp.com/advisory/ntap-20240105-0002/
Vendor Advisory
https://www.insyde.com/security-pledge
Vendor Advisory
https://www.insyde.com/security-pledge/SA-2023053
Third Party Advisory
https://www.kb.cert.org/vuls/id/811862
Third Party Advisory
https://security.netapp.com/advisory/ntap-20240105-0002/
Vendor Advisory
https://www.insyde.com/security-pledge
Vendor Advisory
https://www.insyde.com/security-pledge/SA-2023053
Third Party Advisory
https://www.kb.cert.org/vuls/id/811862
52
/ 100
high-risk
Severity
18/34 · Moderate
Exploitability
1/34 · Minimal
Exposure
33/34 · Critical