CVE-2023-40238

A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a specific address during the DXE phase of UEFI execution. This occurs because of an integer signedness error involving PixelHeight and PixelWidth during RLE4/RLE8 compression.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
VendorProductVersion
fujitsuesprimo_d556\/2_firmware
𝑥
< 1.35.0
fujitsuesprimo_d6011_firmware
𝑥
< 1.31.0
fujitsuesprimo_d6012_firmware
𝑥
< 3.08.0
fujitsuesprimo_d7010_firmware
𝑥
< 1.64.0
fujitsuesprimo_d7010\/8_firmware
𝑥
< 1.64.0
fujitsuesprimo_d7011_firmware
𝑥
< 1.31.0
fujitsuesprimo_d7012_firmware
𝑥
< 3.08.0
fujitsuesprimo_d7013_firmware
𝑥
< 3.08.0
fujitsuesprimo_d738_firmware
𝑥
< 1.38.0
fujitsuesprimo_d757_firmware
𝑥
< 1.35.0
fujitsuesprimo_d9010_firmware
𝑥
< 1.64.0
fujitsuesprimo_d9011_firmware
𝑥
< 1.31.0
fujitsuesprimo_d9012_firmware
𝑥
< 3.08.0
fujitsuesprimo_d9013_firmware
𝑥
< 3.08.0
fujitsuesprimo_d957_firmware
𝑥
< 1.35.0
fujitsuesprimo_d957\/e9x\+_firmware
𝑥
< 1.35.0
fujitsuesprimo_d958_firmware
𝑥
< 1.38.0
fujitsuesprimo_g5010_firmware
𝑥
< 1.45.0
fujitsuesprimo_g5011_firmware
𝑥
< 1.27.0
fujitsuesprimo_g558_firmware
𝑥
< 1.38.0
fujitsuesprimo_g6012_firmware
𝑥
< 3.08.0
fujitsuesprimo_g9010_firmware
𝑥
< 1.45.0
fujitsuesprimo_g9012_firmware
𝑥
< 3.08.0
fujitsuesprimo_g9013_firmware
𝑥
< 3.08.0
fujitsuesprimo_k5010\/24_firmware
𝑥
< 1.64.0
fujitsuesprimo_k557\/24_firmware
𝑥
< 1.18.0
fujitsuesprimo_k558\/24_firmware
𝑥
< 1.38.0
fujitsuesprimo_p5010_firmware
𝑥
< 1.64.0
fujitsuesprimo_p5011_firmware
𝑥
< 1.31.0
fujitsuesprimo_p557_firmware
𝑥
< 1.35.0
fujitsuesprimo_p558\/power_firmware
𝑥
< 1.38.0
fujitsuesprimo_p6012_firmware
𝑥
< 3.08.0
fujitsuesprimo_p7010_firmware
𝑥
< 1.64.0
fujitsuesprimo_p7011_firmware
𝑥
< 1.31.0
fujitsuesprimo_p7012_firmware
𝑥
< 3.08.0
fujitsuesprimo_p7013_firmware
𝑥
< 3.08.0
fujitsuesprimo_p757_firmware
𝑥
< 1.35.0
fujitsuesprimo_p758_firmware
𝑥
< 1.38.0
fujitsuesprimo_p9010_firmware
𝑥
≤ 1.64.0
fujitsuesprimo_p9011_firmware
𝑥
< 1.31.0
fujitsuesprimo_p9012_firmware
𝑥
< 3.08.0
fujitsuesprimo_p9013_firmware
𝑥
< 3.08.0
fujitsuesprimo_p957_firmware
𝑥
< 1.35.0
fujitsulifebook_u9313x_firmware
𝑥
< 2.12
fujitsulifebook_u939_firmware
𝑥
< 2.23
fujitsulifebook_u939x_firmware
𝑥
< 2.26
fujitsulifebook_u9413_firmware
𝑥
< 2.12
fujitsustylistic_q5010_firmware
𝑥
< 1.38
fujitsustylistic_q509_firmware
𝑥
< 1.37
fujitsustylistic_q7310_firmware
𝑥
< 2.27
fujitsustylistic_q7311_firmware
𝑥
< 2.36
fujitsustylistic_q7312_firmware
𝑥
< 2.17
fujitsustylistic_q739_firmware
𝑥
< 2.21
fujitsuprimequest_3800b_firmware
𝑥
< 2.23.0
fujitsuprimequest_3800b2_firmware
𝑥
< 1.67.0
fujitsuprimergy_bx2560_m2_firmware
𝑥
< 1.21.0
fujitsuprimergy_bx2580_m2_firmware
𝑥
< 1.21.0
fujitsuprimergy_cx2550_m4_firmware
𝑥
< 1.51.0
fujitsuprimergy_cx2550_m5_firmware
𝑥
< 1.25.0
fujitsuprimergy_cx2550_m6_firmware
𝑥
< 1.34.0
fujitsuprimergy_cx2550_m7_firmware
𝑥
< 2.6.0
fujitsuprimergy_cx2560_m4_firmware
𝑥
< 1..51.0
fujitsuprimergy_cx2560_m5_firmware
𝑥
< 1.34.0
fujitsuprimergy_cx2560_m6_firmware
𝑥
< 1.34.0
fujitsuprimergy_cx2560_m7_firmware
𝑥
< 2.2.0
fujitsuprimergy_cx2570_m4_firmware
𝑥
< 1.51.0
fujitsuprimergy_cx2570_m5_firmware
𝑥
< 1.25.0
fujitsuprimergy_gx2460_m1_firmware
𝑥
< 7.11.3
fujitsuprimergy_gx2560_m7_firmware
𝑥
< 2.6.0
fujitsuprimergy_gx2570_m6_firmware
𝑥
< 1.9
fujitsuprimergy_rx1330_m3_firmware
𝑥
< 1.39.0
fujitsuprimergy_rx1330_m4_firmware
𝑥
< 1.30.0
fujitsuprimergy_rx1330_m5_firmware
𝑥
< 1.50.0
fujitsuprimergy_rx1440_m2_firmware
𝑥
< 1.6.0
fujitsuprimergy_rx2450_m1_firmware
𝑥
< 3.0
fujitsuprimergy_rx2450_m2_firmware
𝑥
< 1.6.0
fujitsuprimergy_rx2520_m4_firmware
𝑥
< 1.63.0
fujitsuprimergy_rx2520_m5_firmware
𝑥
< 1.41.0
fujitsuprimergy_rx2530_m4_firmware
𝑥
< 1.63.0
fujitsuprimergy_rx2530_m5_firmware
𝑥
< 1.41.0
fujitsuesprimo_p958_firmware
𝑥
< 1.38.0
fujitsuesprimo_p958\/power_firmware
𝑥
< 1.38.0
fujitsuesprimo_p9910_firmware
𝑥
< 1.64.0
fujitsuesprimo_q556\/2_firmware
𝑥
< 1.35.0
fujitsuesprimo_q556\/2\/d_firmware
𝑥
< 1.35.0
fujitsuesprimo_q558_firmware
𝑥
< 1.38.0
fujitsuesprimo_q7010_firmware
𝑥
< 2.20.0
fujitsuesprimo_q957\/mre_firmware
𝑥
< 1.35.0
fujitsuesprimo_q957_firmware
𝑥
< 1.35.0
fujitsuesprimo_q958_firmware
𝑥
< 1.38.0
fujitsuesprimo_q958\/mre_firmware
𝑥
< 1.38.0
fujitsucelsius_c780_firmware
𝑥
< 1.28.0
fujitsucelsius_j5010_firmware
𝑥
< 1.64.0
fujitsucelsius_j550\/2_firmware
𝑥
< 1.35.0
fujitsucelsius_j580_firmware
𝑥
< 1.38.0
fujitsucelsius_m7010_firmware
𝑥
< 1.12.0
fujitsucelsius_m7010power_firmware
𝑥
< 1.12.0
fujitsucelsius_m7010x_firmware
𝑥
< 1.06.0
fujitsucelsius_m7010xpower_firmware
𝑥
< 1.06.0
fujitsucelsius_r970_firmware
𝑥
< 1.14.0
fujitsucelsius_r970b_firmware
𝑥
< 1.14.0
fujitsucelsius_r970bpower_firmware
𝑥
< 1.14.0
fujitsucelsius_w5010_firmware
𝑥
< 1.64.0
fujitsucelsius_w5010\/l_firmware
𝑥
< 1.64.0
fujitsucelsius_w5011_firmware
𝑥
< 1.31.0
fujitsucelsius_w5012_firmware
𝑥
< 3.08.0
fujitsucelsius_w5012-ll_firmware
𝑥
< 3.08.0
fujitsucelsius_w570_firmware
𝑥
< 1.35.0
fujitsucelsius_w570power_firmware
𝑥
< 1.35.0
fujitsucelsius_w570power\+_firmware
𝑥
< 1.35.0
fujitsucelsius_w580_firmware
𝑥
< 1.38.0
fujitsucelsius_w580power_firmware
𝑥
< 1.38.0
fujitsucelsius_w580power\+_firmware
𝑥
< 1.38.0
fujitsucelsius_h5511_firmware
𝑥
< 1.16
fujitsucelsius_h7510_firmware
𝑥
< 1.17
fujitsucelsius_h7613_firmware
𝑥
< 1.14
fujitsucelsius_h780_firmware
𝑥
< 1.23
fujitsucelsius_h980_firmware
-
fujitsulifebook_a3510_firmware
𝑥
< 1.16
fujitsulifebook_a3511_firmware
-
fujitsuprimergy_rx2530_m6_firmware
𝑥
< 1.28.0
fujitsuprimergy_rx2530_m7_firmware
𝑥
< 2.8.0
fujitsuprimergy_rx2540_m4_firmware
𝑥
< 1.63.0
fujitsuprimergy_rx2540_m5_firmware
𝑥
< 1.41.0
fujitsuprimergy_rx2540_m6_firmware
𝑥
< 1.28.0
fujitsuprimergy_rx2540_m7_firmware
𝑥
< 2.8.0
fujitsuprimergy_rx4770_m3_firmware
𝑥
< 1.27.0
fujitsuprimergy_rx4770_m4_firmware
𝑥
< 1.63.0
fujitsuprimergy_rx4770_m5_firmware
𝑥
< 1.41.0
fujitsuprimergy_rx4770_m6_firmware
𝑥
< 1.23.0
fujitsuprimergy_rx4770_m7_firmware
𝑥
< 2.8.0
fujitsuprimergy_rx8770_m7_firmware
𝑥
< 2.8.0
fujitsuprimergy_tx1310_m3_firmware
𝑥
< 1.39.0
fujitsuprimergy_tx1310_m5_firmware
𝑥
< 1.50.0
fujitsuprimergy_tx1320_m3_firmware
𝑥
< 1.39.0
fujitsuprimergy_tx1320_m4_firmware
𝑥
< 1.30.0
fujitsuprimergy_tx1320_m5_firmware
𝑥
< 1.50.0
fujitsuprimergy_tx1330_m3_firmware
𝑥
< 1.39.0
fujitsuprimergy_tx1330_m4_firmware
𝑥
< 1.30.0
fujitsuprimergy_tx1330_m5_firmware
𝑥
< 1.50.0
fujitsuprimergy_tx2550_m4_firmware
𝑥
< 1.63.0
fujitsuprimergy_tx2550_m5_firmware
𝑥
< 1.41.0
fujitsuprimergy_tx2550_m7_firmware
𝑥
< 2.5.0
fujitsulifebook_e4411_firmware
𝑥
< 2.40
fujitsulifebook_e4511_firmware
𝑥
< 2.40
fujitsulifebook_e5410_firmware
𝑥
< 2.33
fujitsulifebook_e5411_firmware
𝑥
< 2.40
fujitsulifebook_e5412_firmware
𝑥
< 2.33
fujitsulifebook_e5412\/mtc_firmware
𝑥
< 2.33
fujitsulifebook_e5413_firmware
𝑥
< 2.15
fujitsulifebook_e549_firmware
𝑥
< 2.25
fujitsulifebook_e5510_firmware
𝑥
< 2.33
fujitsulifebook_e5511_firmware
𝑥
< 2.40
fujitsulifebook_e5512_firmware
𝑥
< 2.33
fujitsulifebook_e5513_firmware
𝑥
< 2.15
fujitsulifebook_e559_firmware
𝑥
< 2.25
fujitsulifebook_e736_firmware
-
fujitsulifebook_e736_vpro_firmware
-
fujitsulifebook_e746_firmware
-
fujitsulifebook_e746_vpro_firmware
-
fujitsulifebook_t939_firmware
𝑥
< 2.20
fujitsulifebook_u5313x_firmware
𝑥
< 2.08
fujitsulifebook_u729_firmware
𝑥
< 2.30
fujitsulifebook_u729x_firmware
𝑥
< 2.21
fujitsulifebook_u7310_firmware
𝑥
< 2.29
fujitsulifebook_u7311_firmware
𝑥
< 2.44
fujitsulifebook_u7312_firmware
𝑥
< 2.33
fujitsulifebook_u7313_firmware
𝑥
< 2.15
fujitsulifebook_u7410_firmware
𝑥
< 2.29
fujitsulifebook_u7411_firmware
𝑥
< 2.44
fujitsulifebook_u7412_firmware
𝑥
< 2.33
fujitsulifebook_u7413_firmware
𝑥
< 2.15
fujitsulifebook_u749_firmware
𝑥
< 2.30
fujitsulifebook_u7510_firmware
𝑥
< 2.29
fujitsulifebook_u7511_firmware
𝑥
< 2.44
fujitsulifebook_u7512_firmware
𝑥
< 2.33
fujitsulifebook_u759_firmware
𝑥
< 2.30
fujitsulifebook_u7613_firmware
𝑥
< 2.15
fujitsulifebook_u9310_firmware
𝑥
< 2.27
fujitsulifebook_u9310x_firmware
𝑥
< 2.27
fujitsulifebook_u9311_firmware
𝑥
< 2.53
fujitsulifebook_u9312_firmware
𝑥
< 2.31
fujitsulifebook_u9312x_firmware
𝑥
< 2.21
insydeinsydeh2o
5.2 ≤
𝑥
< 5.2.05.28.47
insydeinsydeh2o
5.3 ≤
𝑥
< 5.3.05.37.47
insydeinsydeh2o
5.4 ≤
𝑥
< 5.4.05.45.47
insydeinsydeh2o
5.5 ≤
𝑥
< 5.5.05.53.47
insydeinsydeh2o
5.6 ≤
𝑥
< 5.6.05.60.47
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://binarly.io/posts/finding_logofail_the_dangers_of_image_parsing_during_system_boot/index.html
https://security.netapp.com/advisory/ntap-20240105-0002/
https://www.insyde.com/security-pledge
https://www.insyde.com/security-pledge/SA-2023053
https://www.kb.cert.org/vuls/id/811862
https://binarly.io/posts/finding_logofail_the_dangers_of_image_parsing_during_system_boot/index.html
https://security.netapp.com/advisory/ntap-20240105-0002/
https://www.insyde.com/security-pledge
https://www.insyde.com/security-pledge/SA-2023053
https://www.kb.cert.org/vuls/id/811862