CVE-2023-40238

MEDIUM EPSS 76.6%
Published Dec 7, 2023 (2y ago) · Modified Jun 17, 2026 (2w ago)
5.5 CVSS 3.1
Medium

Description

A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a specific address during the DXE phase of UEFI execution. This occurs because of an integer signedness error involving PixelHeight and PixelWidth during RLE4/RLE8 compression.

CVSS Details

Base Score 5.5
Exploitability 1.8
Impact 3.6
Vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
76.6% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-312

Affected Products 377

Vendor Product Version Range
fujitsu esprimo_d556\/2_firmware * <1.35.0
fujitsu esprimo_d556\/2 * any
fujitsu esprimo_d6011_firmware * <1.31.0
fujitsu esprimo_d6011 * any
fujitsu esprimo_d6012_firmware * <3.08.0
fujitsu esprimo_d6012 * any
fujitsu esprimo_d7010_firmware * <1.64.0
fujitsu esprimo_d7010 * any
fujitsu esprimo_d7010\/8_firmware * <1.64.0
fujitsu esprimo_d7010\/8 * any
fujitsu esprimo_d7011_firmware * <1.31.0
fujitsu esprimo_d7011 * any
fujitsu esprimo_d7012_firmware * <3.08.0
fujitsu esprimo_d7012 * any
fujitsu esprimo_d7013_firmware * <3.08.0
fujitsu esprimo_d7013 * any
fujitsu esprimo_d738_firmware * <1.38.0
fujitsu esprimo_d738 * any
fujitsu esprimo_d757_firmware * <1.35.0
fujitsu esprimo_d757 * any
fujitsu esprimo_d9010_firmware * <1.64.0
fujitsu esprimo_d9010 * any
fujitsu esprimo_d9011_firmware * <1.31.0
fujitsu esprimo_d9011 * any
fujitsu esprimo_d9012_firmware * <3.08.0
fujitsu esprimo_d9012 * any
fujitsu esprimo_d9013_firmware * <3.08.0
fujitsu esprimo_d9013 * any
fujitsu esprimo_d957_firmware * <1.35.0
fujitsu esprimo_d957 * any
fujitsu esprimo_d957\/e9x\+_firmware * <1.35.0
fujitsu esprimo_d957\/e9x\+ * any
fujitsu esprimo_d958_firmware * <1.38.0
fujitsu esprimo_d958 * any
fujitsu esprimo_g5010_firmware * <1.45.0
fujitsu esprimo_g5010 * any
fujitsu esprimo_g5011_firmware * <1.27.0
fujitsu esprimo_g5011 * any
fujitsu esprimo_g558_firmware * <1.38.0
fujitsu esprimo_g558 * any
fujitsu esprimo_g6012_firmware * <3.08.0
fujitsu esprimo_g6012 * any
fujitsu esprimo_g9010_firmware * <1.45.0
fujitsu esprimo_g9010 * any
fujitsu esprimo_g9012_firmware * <3.08.0
fujitsu esprimo_g9012 * any
fujitsu esprimo_g9013_firmware * <3.08.0
fujitsu esprimo_g9013 * any
fujitsu esprimo_k5010\/24_firmware * <1.64.0
fujitsu esprimo_k5010\/24 * any
fujitsu esprimo_k557\/24_firmware * <1.18.0
fujitsu esprimo_k557\/24 * any
fujitsu esprimo_k558\/24_firmware * <1.38.0
fujitsu esprimo_k558\/24 * any
fujitsu esprimo_p5010_firmware * <1.64.0
fujitsu esprimo_p5010 * any
fujitsu esprimo_p5011_firmware * <1.31.0
fujitsu esprimo_p5011 * any
fujitsu esprimo_p557_firmware * <1.35.0
fujitsu esprimo_p557 * any
fujitsu esprimo_p558\/power_firmware * <1.38.0
fujitsu esprimo_p558\/power * any
fujitsu esprimo_p6012_firmware * <3.08.0
fujitsu esprimo_p6012 * any
fujitsu esprimo_p7010_firmware * <1.64.0
fujitsu esprimo_p7010 * any
fujitsu esprimo_p7011_firmware * <1.31.0
fujitsu esprimo_p7011 * any
fujitsu esprimo_p7012_firmware * <3.08.0
fujitsu esprimo_p7012 * any
fujitsu esprimo_p7013_firmware * <3.08.0
fujitsu esprimo_p7013 * any
fujitsu esprimo_p757_firmware * <1.35.0
fujitsu esprimo_p757 * any
fujitsu esprimo_p758_firmware * <1.38.0
fujitsu esprimo_p758 * any
fujitsu esprimo_p9010_firmware * ≤1.64.0
fujitsu esprimo_p9010 * any
fujitsu esprimo_p9011_firmware * <1.31.0
fujitsu esprimo_p9011 * any
fujitsu esprimo_p9012_firmware * <3.08.0
fujitsu esprimo_p9012 * any
fujitsu esprimo_p9013_firmware * <3.08.0
fujitsu esprimo_p9013 * any
fujitsu esprimo_p957_firmware * <1.35.0
fujitsu esprimo_p957 * any
fujitsu lifebook_u9313x_firmware * <2.12
fujitsu lifebook_u9313x * any
fujitsu lifebook_u939_firmware * <2.23
fujitsu lifebook_u939 * any
fujitsu lifebook_u939x_firmware * <2.26
fujitsu lifebook_u939x * any
fujitsu lifebook_u9413_firmware * <2.12
fujitsu lifebook_u9413 * any
fujitsu stylistic_q5010_firmware * <1.38
fujitsu stylistic_q5010 * any
fujitsu stylistic_q509_firmware * <1.37
fujitsu stylistic_q509 * any
fujitsu stylistic_q7310_firmware * <2.27
fujitsu stylistic_q7310 * any
fujitsu stylistic_q7311_firmware * <2.36
fujitsu stylistic_q7311 * any
fujitsu stylistic_q7312_firmware * <2.17
fujitsu stylistic_q7312 * any
fujitsu stylistic_q739_firmware * <2.21
fujitsu stylistic_q739 * any
fujitsu primequest_3800b_firmware * <2.23.0
fujitsu primequest_3800b * any
fujitsu primequest_3800b2_firmware * <1.67.0
fujitsu primequest_3800b2 * any
fujitsu primequest_3800e_firmware * <pa25021
fujitsu primequest_3800e * any
fujitsu primequest_3800e2_firmware * <pb25021
fujitsu primequest_3800e2 * any
fujitsu primequest_4400e_firmware * <fa17001
fujitsu primequest_4400e * any
fujitsu primergy_bx2560_m2_firmware * <1.21.0
fujitsu primergy_bx2560_m2 * any
fujitsu primergy_bx2580_m2_firmware * <1.21.0
fujitsu primergy_bx2580_m2 * any
fujitsu primergy_cx2550_m4_firmware * <1.51.0
fujitsu primergy_cx2550_m4 * any
fujitsu primergy_cx2550_m5_firmware * <1.25.0
fujitsu primergy_cx2550_m5 * any
fujitsu primergy_cx2550_m6_firmware * <1.34.0
fujitsu primergy_cx2550_m6 * any
fujitsu primergy_cx2550_m7_firmware * <2.6.0
fujitsu primergy_cx2550_m7 * any
fujitsu primergy_cx2560_m4_firmware * <1..51.0
fujitsu primergy_cx2560_m4 * any
fujitsu primergy_cx2560_m5_firmware * <1.34.0
fujitsu primergy_cx2560_m5 * any
fujitsu primergy_cx2560_m6_firmware * <1.34.0
fujitsu primergy_cx2560_m6 * any
fujitsu primergy_cx2560_m7_firmware * <2.2.0
fujitsu primergy_cx2560_m7 * any
fujitsu primergy_cx2570_m4_firmware * <1.51.0
fujitsu primergy_cx2570_m4 * any
fujitsu primergy_cx2570_m5_firmware * <1.25.0
fujitsu primergy_cx2570_m5 * any
fujitsu primergy_gx2460_m1_firmware * <7.11.3
fujitsu primergy_gx2460_m1 * any
fujitsu primergy_gx2560_m7_firmware * <2.6.0
fujitsu primergy_gx2560_m7 * any
fujitsu primergy_gx2570_m6_firmware * <1.9
fujitsu primergy_gx2570_m6 * any
fujitsu primergy_rx1330_m3_firmware * <1.39.0
fujitsu primergy_rx1330_m3 * any
fujitsu primergy_rx1330_m4_firmware * <1.30.0
fujitsu primergy_rx1330_m4 * any
fujitsu primergy_rx1330_m5_firmware * <1.50.0
fujitsu primergy_rx1330_m5 * any
fujitsu primergy_rx1440_m2_firmware * <1.6.0
fujitsu primergy_rx1440_m2 * any
fujitsu primergy_rx2450_m1_firmware * <3.0
fujitsu primergy_rx2450_m1 * any
fujitsu primergy_rx2450_m2_firmware * <1.6.0
fujitsu primergy_rx2450_m2 * any
fujitsu primergy_rx2520_m4_firmware * <1.63.0
fujitsu primergy_rx2520_m4 * any
fujitsu primergy_rx2520_m5_firmware * <1.41.0
fujitsu primergy_rx2520_m5 * any
fujitsu primergy_rx2530_m4_firmware * <1.63.0
fujitsu primergy_rx2530_m4 * any
fujitsu primergy_rx2530_m5_firmware * <1.41.0
fujitsu primergy_rx2530_m5 * any
fujitsu esprimo_p958_firmware * <1.38.0
fujitsu esprimo_p958 * any
fujitsu esprimo_p958\/power_firmware * <1.38.0
fujitsu esprimo_p958\/power * any
fujitsu esprimo_p9910_firmware * <1.64.0
fujitsu esprimo_p9910 * any
fujitsu esprimo_q556\/2_firmware * <1.35.0
fujitsu esprimo_q556\/2 * any
fujitsu esprimo_q556\/2\/d_firmware * <1.35.0
fujitsu esprimo_q556\/2\/d * any
fujitsu esprimo_q558_firmware * <1.38.0
fujitsu esprimo_q558 * any
fujitsu esprimo_q7010_firmware * <2.20.0
fujitsu esprimo_q7010 * any
fujitsu esprimo_q957\/mre_firmware * <1.35.0
fujitsu esprimo_q957\/ * any
fujitsu esprimo_q957_firmware * <1.35.0
fujitsu esprimo_q957 * any
fujitsu esprimo_q958_firmware * <1.38.0
fujitsu esprimo_q958 * any
fujitsu esprimo_q958\/mre_firmware * <1.38.0
fujitsu esprimo_q958\/mre * any
fujitsu celsius_c780_firmware * <1.28.0
fujitsu celsius_c780 * any
fujitsu celsius_j5010_firmware * <1.64.0
fujitsu celsius_j5010 * any
fujitsu celsius_j550\/2_firmware * <1.35.0
fujitsu celsius_j550\/2 * any
fujitsu celsius_j580_firmware * <1.38.0
fujitsu celsius_j580 * any
fujitsu celsius_m7010_firmware * <1.12.0
fujitsu celsius_m7010 * any
fujitsu celsius_m7010power_firmware * <1.12.0
fujitsu celsius_m7010power * any
fujitsu celsius_m7010x_firmware * <1.06.0
fujitsu celsius_m7010x * any
fujitsu celsius_m7010xpower_firmware * <1.06.0
fujitsu celsius_m7010xpower * any
fujitsu celsius_r970_firmware * <1.14.0
fujitsu celsius_r970 * any
fujitsu celsius_r970b_firmware * <1.14.0
fujitsu celsius_r970b * any
fujitsu celsius_r970bpower_firmware * <1.14.0
fujitsu celsius_r970bpower * any
fujitsu celsius_w5010_firmware * <1.64.0
fujitsu celsius_w5010 * any
fujitsu celsius_w5010\/l_firmware * <1.64.0
fujitsu celsius_w5010\/l * any
fujitsu celsius_w5011_firmware * <1.31.0
fujitsu celsius_w5011 * any
fujitsu celsius_w5012_firmware * <3.08.0
fujitsu celsius_w5012 * any
fujitsu celsius_w5012-ll_firmware * <3.08.0
fujitsu celsius_w5012-ll * any
fujitsu celsius_w570_firmware * <1.35.0
fujitsu celsius_w570 * any
fujitsu celsius_w570power_firmware * <1.35.0
fujitsu celsius_w570power * any
fujitsu celsius_w570power\+_firmware * <1.35.0
fujitsu celsius_w570power\+ * any
fujitsu celsius_w580_firmware * <1.38.0
fujitsu celsius_w580 * any
fujitsu celsius_w580power_firmware * <1.38.0
fujitsu celsius_w580power * any
fujitsu celsius_w580power\+_firmware * <1.38.0
fujitsu celsius_w580power\+ * any
fujitsu celsius_h5511_firmware * <1.16
fujitsu celsius_h5511 * any
fujitsu celsius_h7510_firmware * <1.17
fujitsu celsius_h7510 * any
fujitsu celsius_h7613_firmware * <1.14
fujitsu celsius_h7613 * any
fujitsu celsius_h780_firmware * <1.23
fujitsu celsius_h780 * any
fujitsu celsius_h980_firmware * any
fujitsu celsius_h980 * any
fujitsu lifebook_a3510_firmware * <1.16
fujitsu lifebook_a3510 * any
fujitsu lifebook_a3511_firmware * any
fujitsu lifebook_a3511 * any
fujitsu primergy_rx2530_m6_firmware * <1.28.0
fujitsu primergy_rx2530_m6 * any
fujitsu primergy_rx2530_m7_firmware * <2.8.0
fujitsu primergy_rx2530_m7 * any
fujitsu primergy_rx2540_m4_firmware * <1.63.0
fujitsu primergy_rx2540_m4 * any
fujitsu primergy_rx2540_m5_firmware * <1.41.0
fujitsu primergy_rx2540_m5 * any
fujitsu primergy_rx2540_m6_firmware * <1.28.0
fujitsu primergy_rx2540_m6 * any
fujitsu primergy_rx2540_m7_firmware * <2.8.0
fujitsu primergy_rx2540_m7 * any
fujitsu primergy_rx4770_m3_firmware * <1.27.0
fujitsu primergy_rx4770_m3 * any
fujitsu primergy_rx4770_m4_firmware * <1.63.0
fujitsu primergy_rx4770_m4 * any
fujitsu primergy_rx4770_m5_firmware * <1.41.0
fujitsu primergy_rx4770_m5 * any
fujitsu primergy_rx4770_m6_firmware * <1.23.0
fujitsu primergy_rx4770_m6 * any
fujitsu primergy_rx4770_m7_firmware * <2.8.0
fujitsu primergy_rx4770_m7 * any
fujitsu primergy_rx8770_m7_firmware * <2.8.0
fujitsu primergy_rx8770_m7 * any
fujitsu primergy_tx1310_m3_firmware * <1.39.0
fujitsu primergy_tx1310_m3 * any
fujitsu primergy_tx1310_m5_firmware * <1.50.0
fujitsu primergy_tx1310_m5 * any
fujitsu primergy_tx1320_m3_firmware * <1.39.0
fujitsu primergy_tx1320_m3 * any
fujitsu primergy_tx1320_m4_firmware * <1.30.0
fujitsu primergy_tx1320_m4 * any
fujitsu primergy_tx1320_m5_firmware * <1.50.0
fujitsu primergy_tx1320_m5 * any
fujitsu primergy_tx1330_m3_firmware * <1.39.0
fujitsu primergy_tx1330_m3 * any
fujitsu primergy_tx1330_m4_firmware * <1.30.0
fujitsu primergy_tx1330_m4 * any
fujitsu primergy_tx1330_m5_firmware * <1.50.0
fujitsu primergy_tx1330_m5 * any
fujitsu primergy_tx2550_m4_firmware * <1.63.0
fujitsu primergy_tx2550_m4 * any
fujitsu primergy_tx2550_m5_firmware * <1.41.0
fujitsu primergy_tx2550_m5 * any
fujitsu primergy_tx2550_m7_firmware * <2.5.0
fujitsu primergy_tx2550_m7 * any
fujitsu lifebook_e4411_firmware * <2.40
fujitsu lifebook_e4411 * any
fujitsu lifebook_e4511_firmware * <2.40
fujitsu lifebook_e4511 * any
fujitsu lifebook_e5410_firmware * <2.33
fujitsu lifebook_e5410 * any
fujitsu lifebook_e5411_firmware * <2.40
fujitsu lifebook_e5411 * any
fujitsu lifebook_e5412_firmware * <2.33
fujitsu lifebook_e5412 * any
fujitsu lifebook_e5412\/mtc_firmware * <2.33
fujitsu lifebook_e5412\/mtc * any
fujitsu lifebook_e5413_firmware * <2.15
fujitsu lifebook_e5413 * any
fujitsu lifebook_e549_firmware * <2.25
fujitsu lifebook_e549 * any
fujitsu lifebook_e5510_firmware * <2.33
fujitsu lifebook_e5510 * any
fujitsu lifebook_e5511_firmware * <2.40
fujitsu lifebook_e5511 * any
fujitsu lifebook_e5512_firmware * <2.33
fujitsu lifebook_e5512 * any
fujitsu lifebook_e5513_firmware * <2.15
fujitsu lifebook_e5513 * any
fujitsu lifebook_e559_firmware * <2.25
fujitsu lifebook_e559 * any
fujitsu lifebook_e736_firmware * any
fujitsu lifebook_e736 * any
fujitsu lifebook_e736_vpro_firmware * any
fujitsu lifebook_e736_vpro * any
fujitsu lifebook_e746_firmware * any
fujitsu lifebook_e746 * any
fujitsu lifebook_e746_vpro_firmware * any
fujitsu lifebook_e746_vpro * any
fujitsu lifebook_t939_firmware * <2.20
fujitsu lifebook_t939 * any
fujitsu lifebook_u5313x_firmware * <2.08
fujitsu lifebook_u5313x * any
fujitsu lifebook_u729_firmware * <2.30
fujitsu lifebook_u729 * any
fujitsu lifebook_u729x_firmware * <2.21
fujitsu lifebook_u729x * any
fujitsu lifebook_u7310_firmware * <2.29
fujitsu lifebook_u7310 * any
fujitsu lifebook_u7311_firmware * <2.44
fujitsu lifebook_u7311 * any
fujitsu lifebook_u7312_firmware * <2.33
fujitsu lifebook_u7312 * any
fujitsu lifebook_u7313_firmware * <2.15
fujitsu lifebook_u7313 * any
fujitsu lifebook_u7410_firmware * <2.29
fujitsu lifebook_u7410 * any
fujitsu lifebook_u7411_firmware * <2.44
fujitsu lifebook_u7411 * any
fujitsu lifebook_u7412_firmware * <2.33
fujitsu lifebook_u7412 * any
fujitsu lifebook_u7413_firmware * <2.15
fujitsu lifebook_u7413 * any
fujitsu lifebook_u749_firmware * <2.30
fujitsu lifebook_u749 * any
fujitsu lifebook_u7510_firmware * <2.29
fujitsu lifebook_u7510 * any
fujitsu lifebook_u7511_firmware * <2.44
fujitsu lifebook_u7511 * any
fujitsu lifebook_u7512_firmware * <2.33
fujitsu lifebook_u7512 * any
fujitsu lifebook_u759_firmware * <2.30
fujitsu lifebook_u759 * any
fujitsu lifebook_u7613_firmware * <2.15
fujitsu lifebook_u7613 * any
fujitsu lifebook_u9310_firmware * <2.27
fujitsu lifebook_u9310 * any
fujitsu lifebook_u9310x_firmware * <2.27
fujitsu lifebook_u9310x * any
fujitsu lifebook_u9311_firmware * <2.53
fujitsu lifebook_u9311 * any
fujitsu lifebook_u9312_firmware * <2.31
fujitsu lifebook_u9312 * any
fujitsu lifebook_u9312x_firmware * <2.21
fujitsu lifebook_u9312x * any
insyde insydeh2o * ≥5.2 – <5.2.05.28.47
insyde insydeh2o * ≥5.3 – <5.3.05.37.47
insyde insydeh2o * ≥5.4 – <5.4.05.45.47
insyde insydeh2o * ≥5.5 – <5.5.05.53.47
insyde insydeh2o * ≥5.6 – <5.6.05.60.47

References 5

  • binarly.io https://binarly.io/posts/finding_logofail_the_dangers_of_image_parsing_during_system_boot/index.html
    Exploit
  • security.netapp.com https://security.netapp.com/advisory/ntap-20240105-0002/
    Third Party Advisory
  • insyde.com https://www.insyde.com/security-pledge
    Vendor Advisory
  • insyde.com https://www.insyde.com/security-pledge/SA-2023053
    Vendor Advisory
  • kb.cert.org https://www.kb.cert.org/vuls/id/811862
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.