GETAC TECHNOLOGY CORPORATION SECURITY UPDATE FOR INSYDEH2O UEFI FIRMWARE VULNERABILITIES

Getac Technology Corporation (“Getac”) is reviewing and assessing the impact of the InsydeH2O UEFI Firmware Vulnerabilities on our products. The security of our products is a top priority and critical to protecting our customers.

INSYDE SECURITY ADVISORY (ISA)

Multiple potential security vulnerabilities in the Insyde® InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware (Insyde® InsydeH2O UEFI-BIOS or the “Product”) may result in compromise of confidentiality, integrity and availability.

Description:

The vulnerabilities are described as follows:

INSYDE-SA-2022/Q1: 2022/Q1 ISA – Insyde® Firmware (InsydeH2O UEFI-BIOS) Advisory
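
| Vulnerabilities | BINARLY ID | CVE ID |
|---|---|---|
| SMM Callout | BRLY-2021-008 | CVE-2020-5953 |
| SMM Callout | BRLY-2021-017 | CVE-2021-41839 |
| SMM Callout | BRLY-2021-018 | CVE-2021-41841 |
| SMM Callout | BRLY-2021-019 | CVE-2021-41840 |
| SMM Callout | BRLY-2021-020 | CVE-2020-27339 |
| SMM Callout | BRLY-2021-022 | CVE-2021-42060 |
| SMM Callout | BRLY-2021-023 | CVE-2021-42113 |
| SMM Callout | BRLY-2021-024 | CVE-2021-43522 |
| SMM Callout | BRLY-2021-025 | CVE-2022-24069 |
| SMM Callout | BRLY-2021-028 | CVE-2021-43615 |
| SMM Memory Corruption | BRLY-2021-009 | CVE-2021-41837 |
| SMM Memory Corruption | BRLY-2021-010 | CVE-2021-41838 |
| SMM Memory Corruption | BRLY-2021-011 | CVE-2021-33627 |
| SMM Memory Corruption | BRLY-2021-012 | CVE-2021-45971 |
| SMM Memory Corruption | BRLY-2021-013 | CVE-2021-33626 |
| SMM Memory Corruption | BRLY-2021-015 | CVE-2021-45970 |
| SMM Memory Corruption | BRLY-2021-016 | CVE-2021-45969 |
| SMM Memory Corruption | BRLY-2021-026 | CVE-2022-24030 |
| SMM Memory Corruption | BRLY-2021-027 | CVE-2021-42554 |
| SMM Memory Corruption | BRLY-2021-029 | CVE-2021-33625 |
| SMM Memory Corruption | BRLY-2021-030 | CVE-2022-24031 |
| SMM Memory Corruption | BRLY-2021-031 | CVE-2021-43323 |
| DXE Memory Corruption | BRLY-2021-021 | CVE-2021-42059 |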

Insyde has examined the affected Product and has scheduled the release of various batches of firmware updates for supported InsydeH2O UEFI-BIOS firmware versions that remediate the vulnerabilities as follows.

Potential Impact:

According to the information provided, the potential impact of INSYDE-SA-2022/Q1 is: Loss of Confidentiality, Integrity and Availability.

Advisory References:

Getac Affected Products and Remediations:

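| No. | Models | BIOS Version | BIOS Release Plan |
|---|---|---|---|
| 1 | F110G6 | R1.07.070520 | 2022/2/25 |
| 1 | S410G4 | R1.22.070520 | 2022/2/25 |
| 1 | K120G2 | R1.12.070520 | 2022/2/25 |
| 2 | F110G5 | R1.16.070520 | 2022/3/4 |
| 2 | V110G6 | R1.09.070520 | 2022/3/4 |
| 2 | UX10G2 | R1.14.070520 | 2022/3/4 |
| 2 | B360 | R1.24.070520 | 2022/3/4 |
| 2 | A140G2 | R1.10.070520 | 2022/3/4 |
| 2 | X500G3 | R1.26.070520 | 2022/3/4 |
| 2 | T800G2 | R1.24.070520 | 2022/3/4 |
| 3 | A140G1 | R1.20.070520 | 2022/3/23 |
| 3 | B300G7 | R1.15.070520 | 2022/3/23 |
| 3 | EX80 | R1.07.070520 | 2022/3/23 |
| 3 | F110G4 | R1.23.070520 | 2022/3/23 |
| 3 | K120G1 | R1.15.070520 | 2022/3/23 |
| 3 | RX10G2 | R1.14.070520 | 2022/3/23 |
| 3 | S410G2 | R1.26.070520 | 2022/3/23 |
| 3 | S410G3 | R1.22.070520 | 2022/3/23 |
| 3 | UX10G1 | R1.17.070520 | 2022/3/23 |
| 3 | V110G4 | R1.18.070520 | 2022/3/23 |
| 3 | V110G5 | R1.12.070520 | 2022/3/23 |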

* Find out which generation your Getac product model is at https://support.getac.com/Portal/Page/786

Getac urges our valued customers to update the BIOS for each corresponding Getac Model as soon as possible once the release is available to resolve the multiple potential security vulnerabilities in the Insyde® InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware (Insyde® InsydeH2O UEFI-BIOS).

Getac Disclaimer

All content and other information mentioned in this statement or offered arising from the issue described herein are provided on an “as is” basis, without express or implied warranties of any kind. All products, information, and figures specified are preliminary based on current expectations and are subject to change without notice. Getac assessments have been estimated or simulated using Getac internal analysis or architecture simulation or modeling, and may not represent the actual risk to the users’ local installation and individual environment. Users are recommended to determine the applicability of this statement to their individual environments and take appropriate actions. In no event shall Getac or any of its affiliates be liable for any direct, indirect, consequential, punitive, special, or incidental damages arising out of, in connection with, or related to the information contained herein or actions that the user decides to take based thereon (including, without limitation, damages for loss of business, contract, revenue, data, information, or business interruption). Getac reserves the right to interpret this disclaimer and update this disclaimer whenever necessary.


February 11, 2022