A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a specific address during the DXE phase of UEFI execution. This occurs because of an integer signedness error involving PixelHeight and PixelWidth during RLE4/RLE8 compression.
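Overall assessment: CVE-2023-40238 has a high exploitation risk (65.4/100). CVSS severity is Medium. The likelihood of exploitation is high (EPSS 1.86%, 76th percentile). Rationale: 1 public exploit is referenced (Exploit-DB). EPSS rose by +1.70% over the last day, which may indicate growing interest in exploitation. Recommended action: a public exploit has been confirmed. Prioritize confirming the scope of impact, applying mitigations, and patching.
Risk changes over time. The content shown on this page is updated based on reassessment.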
| EDB-ID | Source | Type | Published | Link |
|---|---|---|---|---|
| — | nvd_ref | exploit_tag | Exploit-DB ↗ |
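EPSS is a daily estimate of the relative likelihood of exploitation. The percentile indicates the relative position among scored CVEs (higher means relatively more severe).
| # | Date | Old EPSS score | New EPSS score | Δ (new − old) |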
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.15% | 1.86% | +1.70% |
| 2 | 2026-06-02 | 0.10% | 0.15% | +0.05% |
| 3 | 2025-11-21 | — | 0.10% | — |
Full EPSS history (8 entries in total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 5.5 | 3.1 | MEDIUM | | 1.8 | 3.6 | [email protected] |
| 5.5 | 3.1 | MEDIUM | | 1.8 | 3.6 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| fujitsu | esprimo_d556\/2_firmware | < 1.35.0 | cpe:2.3:o:fujitsu:esprimo_d556\/2_firmware:*:*:*:*:*:*:*:* |
| fujitsu | esprimo_d6011_firmware | < 1.31.0 | cpe:2.3:o:fujitsu:esprimo_d6011_firmware:*:*:*:*:*:*:*:* |
| fujitsu | esprimo_d6012_firmware | < 3.08.0 | cpe:2.3:o:fujitsu:esprimo_d6012_firmware:*:*:*:*:*:*:*:* |
| fujitsu | esprimo_d7010_firmware | < 1.64.0 | cpe:2.3:o:fujitsu:esprimo_d7010_firmware:*:*:*:*:*:*:*:* |
| fujitsu | esprimo_d7010\/8_firmware | < 1.64.0 | cpe:2.3:o:fujitsu:esprimo_d7010\/8_firmware:*:*:*:*:*:*:*:* |
| fujitsu | esprimo_d7011_firmware | < 1.31.0 | cpe:2.3:o:fujitsu:esprimo_d7011_firmware:*:*:*:*:*:*:*:* |
| fujitsu | esprimo_d7012_firmware | < 3.08.0 | cpe:2.3:o:fujitsu:esprimo_d7012_firmware:*:*:*:*:*:*:*:* |
| fujitsu | esprimo_d7013_firmware | < 3.08.0 | cpe:2.3:o:fujitsu:esprimo_d7013_firmware:*:*:*:*:*:*:*:* |
| fujitsu | esprimo_d738_firmware | < 1.38.0 | cpe:2.3:o:fujitsu:esprimo_d738_firmware:*:*:*:*:*:*:*:* |
| fujitsu | esprimo_d757_firmware | < 1.35.0 | cpe:2.3:o:fujitsu:esprimo_d757_firmware:*:*:*:*:*:*:*:* |
| fujitsu | esprimo_d9010_firmware | < 1.64.0 | cpe:2.3:o:fujitsu:esprimo_d9010_firmware:*:*:*:*:*:*:*:* |
| fujitsu | esprimo_d9011_firmware | < 1.31.0 | cpe:2.3:o:fujitsu:esprimo_d9011_firmware:*:*:*:*:*:*:*:* |
| fujitsu | esprimo_d9012_firmware | < 3.08.0 | cpe:2.3:o:fujitsu:esprimo_d9012_firmware:*:*:*:*:*:*:*:* |
| fujitsu | esprimo_d9013_firmware | < 3.08.0 | cpe:2.3:o:fujitsu:esprimo_d9013_firmware:*:*:*:*:*:*:*:* |
| fujitsu | esprimo_d957_firmware | < 1.35.0 | cpe:2.3:o:fujitsu:esprimo_d957_firmware:*:*:*:*:*:*:*:* |
| fujitsu | esprimo_d957\/e9x\+_firmware | < 1.35.0 | cpe:2.3:o:fujitsu:esprimo_d957\/e9x\+_firmware:*:*:*:*:*:*:*:* |
| fujitsu | esprimo_d958_firmware | < 1.38.0 | cpe:2.3:o:fujitsu:esprimo_d958_firmware:*:*:*:*:*:*:*:* |
| fujitsu | esprimo_g5010_firmware | < 1.45.0 | cpe:2.3:o:fujitsu:esprimo_g5010_firmware:*:*:*:*:*:*:*:* |
| fujitsu | esprimo_g5011_firmware | < 1.27.0 | cpe:2.3:o:fujitsu:esprimo_g5011_firmware:*:*:*:*:*:*:*:* |
| fujitsu | esprimo_g558_firmware | < 1.38.0 | cpe:2.3:o:fujitsu:esprimo_g558_firmware:*:*:*:*:*:*:*:* |
| fujitsu | esprimo_g6012_firmware | < 3.08.0 | cpe:2.3:o:fujitsu:esprimo_g6012_firmware:*:*:*:*:*:*:*:* |
| fujitsu | esprimo_g9010_firmware | < 1.45.0 | cpe:2.3:o:fujitsu:esprimo_g9010_firmware:*:*:*:*:*:*:*:* |
| fujitsu | esprimo_g9012_firmware | < 3.08.0 | cpe:2.3:o:fujitsu:esprimo_g9012_firmware:*:*:*:*:*:*:*:* |
| fujitsu | esprimo_g9013_firmware | < 3.08.0 | cpe:2.3:o:fujitsu:esprimo_g9013_firmware:*:*:*:*:*:*:*:* |
| fujitsu | esprimo_k5010\/24_firmware | < 1.64.0 | cpe:2.3:o:fujitsu:esprimo_k5010\/24_firmware:*:*:*:*:*:*:*:* |
| fujitsu | esprimo_k557\/24_firmware | < 1.18.0 | cpe:2.3:o:fujitsu:esprimo_k557\/24_firmware:*:*:*:*:*:*:*:* |
| fujitsu | esprimo_k558\/24_firmware | < 1.38.0 | cpe:2.3:o:fujitsu:esprimo_k558\/24_firmware:*:*:*:*:*:*:*:* |
| fujitsu | esprimo_p5010_firmware | < 1.64.0 | cpe:2.3:o:fujitsu:esprimo_p5010_firmware:*:*:*:*:*:*:*:* |
| fujitsu | esprimo_p5011_firmware | < 1.31.0 | cpe:2.3:o:fujitsu:esprimo_p5011_firmware:*:*:*:*:*:*:*:* |
| fujitsu | esprimo_p557_firmware | < 1.35.0 | cpe:2.3:o:fujitsu:esprimo_p557_firmware:*:*:*:*:*:*:*:* |
| fujitsu | esprimo_p558\/power_firmware | < 1.38.0 | cpe:2.3:o:fujitsu:esprimo_p558\/power_firmware:*:*:*:*:*:*:*:* |
| fujitsu | esprimo_p6012_firmware | < 3.08.0 | cpe:2.3:o:fujitsu:esprimo_p6012_firmware:*:*:*:*:*:*:*:* |
| fujitsu | esprimo_p7010_firmware | < 1.64.0 | cpe:2.3:o:fujitsu:esprimo_p7010_firmware:*:*:*:*:*:*:*:* |
| fujitsu | esprimo_p7011_firmware | < 1.31.0 | cpe:2.3:o:fujitsu:esprimo_p7011_firmware:*:*:*:*:*:*:*:* |
| fujitsu | esprimo_p7012_firmware | < 3.08.0 | cpe:2.3:o:fujitsu:esprimo_p7012_firmware:*:*:*:*:*:*:*:* |
| fujitsu | esprimo_p7013_firmware | < 3.08.0 | cpe:2.3:o:fujitsu:esprimo_p7013_firmware:*:*:*:*:*:*:*:* |
| fujitsu | esprimo_p757_firmware | < 1.35.0 | cpe:2.3:o:fujitsu:esprimo_p757_firmware:*:*:*:*:*:*:*:* |
| fujitsu | esprimo_p758_firmware | < 1.38.0 | cpe:2.3:o:fujitsu:esprimo_p758_firmware:*:*:*:*:*:*:*:* |
| fujitsu | esprimo_p9010_firmware | <= 1.64.0 | cpe:2.3:o:fujitsu:esprimo_p9010_firmware:*:*:*:*:*:*:*:* |
| fujitsu | esprimo_p9011_firmware | < 1.31.0 | cpe:2.3:o:fujitsu:esprimo_p9011_firmware:*:*:*:*:*:*:*:* |
| fujitsu | esprimo_p9012_firmware | < 3.08.0 | cpe:2.3:o:fujitsu:esprimo_p9012_firmware:*:*:*:*:*:*:*:* |
| fujitsu | esprimo_p9013_firmware | < 3.08.0 | cpe:2.3:o:fujitsu:esprimo_p9013_firmware:*:*:*:*:*:*:*:* |
| fujitsu | esprimo_p957_firmware | < 1.35.0 | cpe:2.3:o:fujitsu:esprimo_p957_firmware:*:*:*:*:*:*:*:* |
| fujitsu | lifebook_u9313x_firmware | < 2.12 | cpe:2.3:o:fujitsu:lifebook_u9313x_firmware:*:*:*:*:*:*:*:* |
| fujitsu | lifebook_u939_firmware | < 2.23 | cpe:2.3:o:fujitsu:lifebook_u939_firmware:*:*:*:*:*:*:*:* |
| fujitsu | lifebook_u939x_firmware | < 2.26 | cpe:2.3:o:fujitsu:lifebook_u939x_firmware:*:*:*:*:*:*:*:* |
| fujitsu | lifebook_u9413_firmware | < 2.12 | cpe:2.3:o:fujitsu:lifebook_u9413_firmware:*:*:*:*:*:*:*:* |
| fujitsu | stylistic_q5010_firmware | < 1.38 | cpe:2.3:o:fujitsu:stylistic_q5010_firmware:*:*:*:*:*:*:*:* |
| fujitsu | stylistic_q509_firmware | < 1.37 | cpe:2.3:o:fujitsu:stylistic_q509_firmware:*:*:*:*:*:*:*:* |
| fujitsu | stylistic_q7310_firmware | < 2.27 | cpe:2.3:o:fujitsu:stylistic_q7310_firmware:*:*:*:*:*:*:*:* |
| fujitsu | stylistic_q7311_firmware | < 2.36 | cpe:2.3:o:fujitsu:stylistic_q7311_firmware:*:*:*:*:*:*:*:* |
| fujitsu | stylistic_q7312_firmware | < 2.17 | cpe:2.3:o:fujitsu:stylistic_q7312_firmware:*:*:*:*:*:*:*:* |
| fujitsu | stylistic_q739_firmware | < 2.21 | cpe:2.3:o:fujitsu:stylistic_q739_firmware:*:*:*:*:*:*:*:* |
| fujitsu | primequest_3800b_firmware | < 2.23.0 | cpe:2.3:o:fujitsu:primequest_3800b_firmware:*:*:*:*:*:*:*:* |
| fujitsu | primequest_3800b2_firmware | < 1.67.0 | cpe:2.3:o:fujitsu:primequest_3800b2_firmware:*:*:*:*:*:*:*:* |
| fujitsu | primequest_3800e_firmware | < pa25021 | cpe:2.3:o:fujitsu:primequest_3800e_firmware:*:*:*:*:*:*:*:* |
| fujitsu | primequest_3800e2_firmware | < pb25021 | cpe:2.3:o:fujitsu:primequest_3800e2_firmware:*:*:*:*:*:*:*:* |
| fujitsu | primequest_4400e_firmware | < fa17001 | cpe:2.3:o:fujitsu:primequest_4400e_firmware:*:*:*:*:*:*:*:* |
| fujitsu | primergy_bx2560_m2_firmware | < 1.21.0 | cpe:2.3:o:fujitsu:primergy_bx2560_m2_firmware:*:*:*:*:*:*:*:* |
| fujitsu | primergy_bx2580_m2_firmware | < 1.21.0 | cpe:2.3:o:fujitsu:primergy_bx2580_m2_firmware:*:*:*:*:*:*:*:* |
| fujitsu | primergy_cx2550_m4_firmware | < 1.51.0 | cpe:2.3:o:fujitsu:primergy_cx2550_m4_firmware:*:*:*:*:*:*:*:* |
| fujitsu | primergy_cx2550_m5_firmware | < 1.25.0 | cpe:2.3:o:fujitsu:primergy_cx2550_m5_firmware:*:*:*:*:*:*:*:* |
| fujitsu | primergy_cx2550_m6_firmware | < 1.34.0 | cpe:2.3:o:fujitsu:primergy_cx2550_m6_firmware:*:*:*:*:*:*:*:* |
| fujitsu | primergy_cx2550_m7_firmware | < 2.6.0 | cpe:2.3:o:fujitsu:primergy_cx2550_m7_firmware:*:*:*:*:*:*:*:* |
| fujitsu | primergy_cx2560_m4_firmware | < 1..51.0 | cpe:2.3:o:fujitsu:primergy_cx2560_m4_firmware:*:*:*:*:*:*:*:* |
| fujitsu | primergy_cx2560_m5_firmware | < 1.34.0 | cpe:2.3:o:fujitsu:primergy_cx2560_m5_firmware:*:*:*:*:*:*:*:* |
| fujitsu | primergy_cx2560_m6_firmware | < 1.34.0 | cpe:2.3:o:fujitsu:primergy_cx2560_m6_firmware:*:*:*:*:*:*:*:* |
| fujitsu | primergy_cx2560_m7_firmware | < 2.2.0 | cpe:2.3:o:fujitsu:primergy_cx2560_m7_firmware:*:*:*:*:*:*:*:* |
| fujitsu | primergy_cx2570_m4_firmware | < 1.51.0 | cpe:2.3:o:fujitsu:primergy_cx2570_m4_firmware:*:*:*:*:*:*:*:* |
| fujitsu | primergy_cx2570_m5_firmware | < 1.25.0 | cpe:2.3:o:fujitsu:primergy_cx2570_m5_firmware:*:*:*:*:*:*:*:* |
| fujitsu | primergy_gx2460_m1_firmware | < 7.11.3 | cpe:2.3:o:fujitsu:primergy_gx2460_m1_firmware:*:*:*:*:*:*:*:* |
| fujitsu | primergy_gx2560_m7_firmware | < 2.6.0 | cpe:2.3:o:fujitsu:primergy_gx2560_m7_firmware:*:*:*:*:*:*:*:* |
| fujitsu | primergy_gx2570_m6_firmware | < 1.9 | cpe:2.3:o:fujitsu:primergy_gx2570_m6_firmware:*:*:*:*:*:*:*:* |
| fujitsu | primergy_rx1330_m3_firmware | < 1.39.0 | cpe:2.3:o:fujitsu:primergy_rx1330_m3_firmware:*:*:*:*:*:*:*:* |
| fujitsu | primergy_rx1330_m4_firmware | < 1.30.0 | cpe:2.3:o:fujitsu:primergy_rx1330_m4_firmware:*:*:*:*:*:*:*:* |
| fujitsu | primergy_rx1330_m5_firmware | < 1.50.0 | cpe:2.3:o:fujitsu:primergy_rx1330_m5_firmware:*:*:*:*:*:*:*:* |
| fujitsu | primergy_rx1440_m2_firmware | < 1.6.0 | cpe:2.3:o:fujitsu:primergy_rx1440_m2_firmware:*:*:*:*:*:*:*:* |
| fujitsu | primergy_rx2450_m1_firmware | < 3.0 | cpe:2.3:o:fujitsu:primergy_rx2450_m1_firmware:*:*:*:*:*:*:*:* |
| fujitsu | primergy_rx2450_m2_firmware | < 1.6.0 | cpe:2.3:o:fujitsu:primergy_rx2450_m2_firmware:*:*:*:*:*:*:*:* |
| fujitsu | primergy_rx2520_m4_firmware | < 1.63.0 | cpe:2.3:o:fujitsu:primergy_rx2520_m4_firmware:*:*:*:*:*:*:*:* |
| URL | Tag |
|---|---|
| https://binarly.io/posts/finding_logofail_the_dangers_of_image_parsing_during_system_boot/index.html | Exploit |
| https://security.netapp.com/advisory/ntap-20240105-0002/ | Third Party Advisory |
| https://www.insyde.com/security-pledge | Vendor Advisory |
| https://www.insyde.com/security-pledge/SA-2023053 | Vendor Advisory |
| https://www.kb.cert.org/vuls/id/811862 | Third Party Advisory |