Support Center > 详细页 > 安全公告详细

Security Advisory - Security updates related to LogoFAIL and other vulnerabilities in some products of KAYTUS

  • SA No KAYTUS-SA-202404-001
  • Initial Release Date 2024-04-28 10:58:09
  • last Release Date 2024-04-28 13:39:03
  • Source AMI Security Advisory
  • Potential Security Impact Arbitrary Code Execution or DOS
Vulnerability Summary

LogoFail:The BMP, GIF, JPEG, PCX, and TGA parsing inventory contained in the BIOS UEFI system firmware is vulnerable. These libraries are used to parse personalized boot logo images loaded from EFI system partitions, which may cause local attackers with elevated privileges to trigger a denial of service or arbitrary code execution, involving multiple CVEs (CVE-2023-39538, CVE-2023-39539)
CVE-2023-52080:KAYTUS server UEFI firmware through 8.4 has a pool overflow vulnerability, caused by improper use of the gRT->GetVariable() function. Attackers with access to local NVRAM variables can exploit  this by modifying these variables on SPI Flash, resulting in memory  data being tampered with. When critical data in memory data is tampered with,a crash may occur.

Vulnerability Scoring Details
CVE V3.1 Vector(Base) Base Score V3.1 Vector(Temporal Score) Temporal Score
CVE-2023-39538 AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 7.5 E:P/RL:O/RC:C 6.7
CVE-2023-39539 AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 7.5 E:P/RL:O/RC:C 6.7
CVE-2023-52080 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 5.5 E:P/RL:O/RC:C 5.0

Fixed Product Version
Products FW UpdateVersion
KR2280X2 KR2280V2_BIOS_05.17.00
KR4480X2 KR4480V2_BIOS_05.17.00
KR2460X2 KR2460V2_BIOS_05.17.00
KR1280X2 KR1280V2_BIOS_05.12.01
KR4276X2 KR4276V2_BIOS_05.17.00
KR4266X2 KR4266V2_BIOS_05.17.00
KR6880X2 KR6880V2_BIOS_05.17.00
KR6288X2 KR6288V2_BIOS_06.00.00
KR4268X2 KR4268V2_BIOS_06.00.00
KR2266X2 KR2266V2_BIOS_05.17.00

Resolution

Please visit the support center directly to obtain patches and related technical support.

Revision History

2024-04-28 V1.0 INITIAL

References
Support

For issues about implementing the recommendations of this Security Bulletin, contact normal KAYTUS Services Support channel. For other issues about the content of this Security Bulletin, send e-mail to sec@kaytus.com.

Report

To report a potential security vulnerability for KAYTUS product: Reporting a Security Vulnerability

Declaration

KAYTUS shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, KAYTUS disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement. In no event shall KAYTUS or any of its directly or indirectly controlled subsidiaries or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. Your use of the document, by whatsoever means, will be totally at your own risk. KAYTUS is entitled to amend or update this document from time to time.