
CVE-2023-40238

UNKNOWN
Published 2023-12-07T00:00:00

No CVSS data available

Description

A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a specific address during the DXE phase of UEFI execution. This occurs because of an integer signedness error involving PixelHeight and PixelWidth during RLE4/RLE8 compression.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-5rp3-83j5-w2g4

Advisory Details

A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a specific address during the DXE phase of UEFI execution. This occurs because of an integer signedness error involving PixelHeight and PixelWidth during RLE4/RLE8 compression.

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Advisory provided by GitHub Security Advisory Database. Published: December 7, 2023, Modified: December 12, 2023

Social Media Intelligence

Real-time discussions and threat intelligence from social platforms

3 posts
Reddit 2 months ago
TumbleweedAfter5531

Bios update legion go

I’ve not installed it yet but noticed this news update Is it new?

Changelog
1. Base on BIOS36.
2. Update AMD PI 1.2.0.0.
3. Add CVE-2024-36347 patch.
4. Add CVE-2023-40238 patch.
5. Add CVE-2024-38796 patch.
6. Add CVE-2024-6364 patch.
7. Add CVE-2024-52877 patch.
8. Add CVE-2024-52878 …

Reddit 2 months, 3 weeks ago
Masayoshii

Legion Pro 7i Gen 9 / 16IRX9H, June 25 BIOS N2CN27WW Available for Download

June 25, BIOS N2CN27WW is available for Legion Pro 7i Gen 9 / 16IRX9H, and brings Microcode Update revision to 12E and release notes below:

https://pcsupport.lenovo.com/us/en/products/laptops-and-netbooks/legion-series/legion-pro-7-16irx9h/83de/83de001sus/downloads/ds567127-bios-update-for-windows-10-64-bit-legion-pro-7-16irx9h?category=BIOS%2FUEFI

Note: During upgrade, you'll see an initial progress indicator > …

Reddit 3 months ago
Alternative-Wave-185

New Gen8 Bios KWCN50WW with Intel Microcode 0x12e

Hi Board, there is a new Bios Update KWCN50WW for the following devices. It also contains Intel Microcode 0x12e as undocumented change.

https://download.lenovo.com/consumer/mobiles/kwcn50ww.exe
https://download.lenovo.com/consumer/mobiles/kwcn50ww.txt

>Legion Pro 5 16IRX8/Lenovo Legion Pro 5 16IRX8/Legion Y9000P IRX8/Legion Pro 7 16IRX8H/Lenovo Legion Pro 7 16IRX8H/Legion Y9000P …


References

Published: 2023-12-07T00:00:00
Last Modified: 2024-08-02T18:24:55.918Z