A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a specific address during the DXE phase of UEFI execution. This occurs because of an integer signedness error involving PixelHeight and PixelWidth during RLE4/RLE8 compression.
Affected:< 1.28.0Fixed in:1.28.0CVE-2023-40238derived from NVD
celsius h5511 firmwareNVD
Affected:< 1.16Fixed in:1.16CVE-2023-40238derived from NVD
celsius h7510 firmwareNVD
Affected:< 1.17Fixed in:1.17CVE-2023-40238derived from NVD
celsius h7613 firmwareNVD
Affected:< 1.14Fixed in:1.14CVE-2023-40238derived from NVD
celsius h780 firmwareNVD
Affected:< 1.23Fixed in:1.23CVE-2023-40238derived from NVD
celsius j5010 firmwareNVD
Affected:< 1.64.0Fixed in:1.64.0CVE-2023-40238derived from NVD
celsius j550\/2 firmwareNVD
Affected:< 1.35.0Fixed in:1.35.0CVE-2023-40238derived from NVD
celsius j580 firmwareNVD
Affected:< 1.38.0Fixed in:1.38.0CVE-2023-40238derived from NVD
celsius m7010 firmwareNVD
Affected:< 1.12.0Fixed in:1.12.0CVE-2023-40238derived from NVD
celsius m7010power firmwareNVD
Affected:< 1.12.0Fixed in:1.12.0CVE-2023-40238derived from NVD
celsius m7010x firmwareNVD
Affected:< 1.06.0Fixed in:1.06.0CVE-2023-40238derived from NVD
celsius m7010xpower firmwareNVD
Affected:< 1.06.0Fixed in:1.06.0CVE-2023-40238derived from NVD
celsius r970 firmwareNVD
Affected:< 1.14.0Fixed in:1.14.0CVE-2023-40238derived from NVD
celsius r970b firmwareNVD
Affected:< 1.14.0Fixed in:1.14.0CVE-2023-40238derived from NVD
celsius r970bpower firmwareNVD
Affected:< 1.14.0Fixed in:1.14.0CVE-2023-40238derived from NVD
celsius w5010\/l firmwareNVD
Affected:< 1.64.0Fixed in:1.64.0CVE-2023-40238derived from NVD
celsius w5010 firmwareNVD
Affected:< 1.64.0Fixed in:1.64.0CVE-2023-40238derived from NVD
celsius w5011 firmwareNVD
Affected:< 1.31.0Fixed in:1.31.0CVE-2023-40238derived from NVD
celsius w5012-ll firmwareNVD
Affected:< 3.08.0Fixed in:3.08.0CVE-2023-40238derived from NVD
celsius w5012 firmwareNVD
Affected:< 3.08.0Fixed in:3.08.0CVE-2023-40238derived from NVD
celsius w570 firmwareNVD
Affected:< 1.35.0Fixed in:1.35.0CVE-2023-40238derived from NVD
celsius w570power\+ firmwareNVD
Affected:< 1.35.0Fixed in:1.35.0CVE-2023-40238derived from NVD
celsius w570power firmwareNVD
Affected:< 1.35.0Fixed in:1.35.0CVE-2023-40238derived from NVD
celsius w580 firmwareNVD
Affected:< 1.38.0Fixed in:1.38.0CVE-2023-40238derived from NVD
celsius w580power\+ firmwareNVD
Affected:< 1.38.0Fixed in:1.38.0CVE-2023-40238derived from NVD
celsius w580power firmwareNVD
Affected:< 1.38.0Fixed in:1.38.0CVE-2023-40238derived from NVD
esprimo d556\/2 firmwareNVD
Affected:< 1.35.0Fixed in:1.35.0CVE-2023-40238derived from NVD
esprimo d6011 firmwareNVD
Affected:< 1.31.0Fixed in:1.31.0CVE-2023-40238derived from NVD
esprimo d6012 firmwareNVD
Affected:< 3.08.0Fixed in:3.08.0CVE-2023-40238derived from NVD
esprimo d7010\/8 firmwareNVD
Affected:< 1.64.0Fixed in:1.64.0CVE-2023-40238derived from NVD
esprimo d7010 firmwareNVD
Affected:< 1.64.0Fixed in:1.64.0CVE-2023-40238derived from NVD
esprimo d7011 firmwareNVD
Affected:< 1.31.0Fixed in:1.31.0CVE-2023-40238derived from NVD
esprimo d7012 firmwareNVD
Affected:< 3.08.0Fixed in:3.08.0CVE-2023-40238derived from NVD
esprimo d7013 firmwareNVD
Affected:< 3.08.0Fixed in:3.08.0CVE-2023-40238derived from NVD
esprimo d738 firmwareNVD
Affected:< 1.38.0Fixed in:1.38.0CVE-2023-40238derived from NVD
esprimo d757 firmwareNVD
Affected:< 1.35.0Fixed in:1.35.0CVE-2023-40238derived from NVD
esprimo d9010 firmwareNVD
Affected:< 1.64.0Fixed in:1.64.0CVE-2023-40238derived from NVD
esprimo d9011 firmwareNVD
Affected:< 1.31.0Fixed in:1.31.0CVE-2023-40238derived from NVD
esprimo d9012 firmwareNVD
Affected:< 3.08.0Fixed in:3.08.0CVE-2023-40238derived from NVD
esprimo d9013 firmwareNVD
Affected:< 3.08.0Fixed in:3.08.0CVE-2023-40238derived from NVD
esprimo d957\/e9x\+ firmwareNVD
Affected:< 1.35.0Fixed in:1.35.0CVE-2023-40238derived from NVD
esprimo d957 firmwareNVD
Affected:< 1.35.0Fixed in:1.35.0CVE-2023-40238derived from NVD
esprimo d958 firmwareNVD
Affected:< 1.38.0Fixed in:1.38.0CVE-2023-40238derived from NVD
esprimo g5010 firmwareNVD
Affected:< 1.45.0Fixed in:1.45.0CVE-2023-40238derived from NVD
esprimo g5011 firmwareNVD
Affected:< 1.27.0Fixed in:1.27.0CVE-2023-40238derived from NVD
esprimo g558 firmwareNVD
Affected:< 1.38.0Fixed in:1.38.0CVE-2023-40238derived from NVD
esprimo g6012 firmwareNVD
Affected:< 3.08.0Fixed in:3.08.0CVE-2023-40238derived from NVD
esprimo g9010 firmwareNVD
Affected:< 1.45.0Fixed in:1.45.0CVE-2023-40238derived from NVD
esprimo g9012 firmwareNVD
Affected:< 3.08.0Fixed in:3.08.0CVE-2023-40238derived from NVD
esprimo g9013 firmwareNVD
Affected:< 3.08.0Fixed in:3.08.0CVE-2023-40238derived from NVD
esprimo k5010\/24 firmwareNVD
Affected:< 1.64.0Fixed in:1.64.0CVE-2023-40238derived from NVD
esprimo k557\/24 firmwareNVD
Affected:< 1.18.0Fixed in:1.18.0CVE-2023-40238derived from NVD
esprimo k558\/24 firmwareNVD
Affected:< 1.38.0Fixed in:1.38.0CVE-2023-40238derived from NVD
esprimo p5010 firmwareNVD
Affected:< 1.64.0Fixed in:1.64.0CVE-2023-40238derived from NVD
esprimo p5011 firmwareNVD
Affected:< 1.31.0Fixed in:1.31.0CVE-2023-40238derived from NVD
esprimo p557 firmwareNVD
Affected:< 1.35.0Fixed in:1.35.0CVE-2023-40238derived from NVD
esprimo p558\/power firmwareNVD
Affected:< 1.38.0Fixed in:1.38.0CVE-2023-40238derived from NVD
esprimo p6012 firmwareNVD
Affected:< 3.08.0Fixed in:3.08.0CVE-2023-40238derived from NVD
esprimo p7010 firmwareNVD
Affected:< 1.64.0Fixed in:1.64.0CVE-2023-40238derived from NVD
esprimo p7011 firmwareNVD
Affected:< 1.31.0Fixed in:1.31.0CVE-2023-40238derived from NVD
esprimo p7012 firmwareNVD
Affected:< 3.08.0Fixed in:3.08.0CVE-2023-40238derived from NVD
esprimo p7013 firmwareNVD
Affected:< 3.08.0Fixed in:3.08.0CVE-2023-40238derived from NVD
esprimo p757 firmwareNVD
Affected:< 1.35.0Fixed in:1.35.0CVE-2023-40238derived from NVD
esprimo p758 firmwareNVD
Affected:< 1.38.0Fixed in:1.38.0CVE-2023-40238derived from NVD
esprimo p9011 firmwareNVD
Affected:< 1.31.0Fixed in:1.31.0CVE-2023-40238derived from NVD
esprimo p9012 firmwareNVD
Affected:< 3.08.0Fixed in:3.08.0CVE-2023-40238derived from NVD
esprimo p9013 firmwareNVD
Affected:< 3.08.0Fixed in:3.08.0CVE-2023-40238derived from NVD
esprimo p957 firmwareNVD
Affected:< 1.35.0Fixed in:1.35.0CVE-2023-40238derived from NVD
esprimo p958\/power firmwareNVD
Affected:< 1.38.0Fixed in:1.38.0CVE-2023-40238derived from NVD
esprimo p958 firmwareNVD
Affected:< 1.38.0Fixed in:1.38.0CVE-2023-40238derived from NVD
esprimo p9910 firmwareNVD
Affected:< 1.64.0Fixed in:1.64.0CVE-2023-40238derived from NVD
esprimo q556\/2\/d firmwareNVD
Affected:< 1.35.0Fixed in:1.35.0CVE-2023-40238derived from NVD
esprimo q556\/2 firmwareNVD
Affected:< 1.35.0Fixed in:1.35.0CVE-2023-40238derived from NVD
esprimo q558 firmwareNVD
Affected:< 1.38.0Fixed in:1.38.0CVE-2023-40238derived from NVD
esprimo q7010 firmwareNVD
Affected:< 2.20.0Fixed in:2.20.0CVE-2023-40238derived from NVD
esprimo q957\/mre firmwareNVD
Affected:< 1.35.0Fixed in:1.35.0CVE-2023-40238derived from NVD
esprimo q957 firmwareNVD
Affected:< 1.35.0Fixed in:1.35.0CVE-2023-40238derived from NVD
esprimo q958\/mre firmwareNVD
Affected:< 1.38.0Fixed in:1.38.0CVE-2023-40238derived from NVD
esprimo q958 firmwareNVD
Affected:< 1.38.0Fixed in:1.38.0CVE-2023-40238derived from NVD
insydeh2oNVD
Affected:>= 5.6, < 5.6.05.60.47Fixed in:5.6.05.60.47CVE-2023-40238derived from NVD
lifebook a3510 firmwareNVD
Affected:< 1.16Fixed in:1.16CVE-2023-40238derived from NVD
lifebook e4411 firmwareNVD
Affected:< 2.40Fixed in:2.40CVE-2023-40238derived from NVD
lifebook e4511 firmwareNVD
Affected:< 2.40Fixed in:2.40CVE-2023-40238derived from NVD
lifebook e5410 firmwareNVD
Affected:< 2.33Fixed in:2.33CVE-2023-40238derived from NVD
lifebook e5411 firmwareNVD
Affected:< 2.40Fixed in:2.40CVE-2023-40238derived from NVD
lifebook e5412\/mtc firmwareNVD
Affected:< 2.33Fixed in:2.33CVE-2023-40238derived from NVD
lifebook e5412 firmwareNVD
Affected:< 2.33Fixed in:2.33CVE-2023-40238derived from NVD
lifebook e5413 firmwareNVD
Affected:< 2.15Fixed in:2.15CVE-2023-40238derived from NVD
lifebook e549 firmwareNVD
Affected:< 2.25Fixed in:2.25CVE-2023-40238derived from NVD
lifebook e5510 firmwareNVD
Affected:< 2.33Fixed in:2.33CVE-2023-40238derived from NVD
lifebook e5511 firmwareNVD
Affected:< 2.40Fixed in:2.40CVE-2023-40238derived from NVD
lifebook e5512 firmwareNVD
Affected:< 2.33Fixed in:2.33CVE-2023-40238derived from NVD
lifebook e5513 firmwareNVD
Affected:< 2.15Fixed in:2.15CVE-2023-40238derived from NVD
lifebook e559 firmwareNVD
Affected:< 2.25Fixed in:2.25CVE-2023-40238derived from NVD
lifebook t939 firmwareNVD
Affected:< 2.20Fixed in:2.20CVE-2023-40238derived from NVD
lifebook u5313x firmwareNVD
Affected:< 2.08Fixed in:2.08CVE-2023-40238derived from NVD
lifebook u729 firmwareNVD
Affected:< 2.30Fixed in:2.30CVE-2023-40238derived from NVD
lifebook u729x firmwareNVD
Affected:< 2.21Fixed in:2.21CVE-2023-40238derived from NVD
lifebook u7310 firmwareNVD
Affected:< 2.29Fixed in:2.29CVE-2023-40238derived from NVD
lifebook u7311 firmwareNVD
Affected:< 2.44Fixed in:2.44CVE-2023-40238derived from NVD
lifebook u7312 firmwareNVD
Affected:< 2.33Fixed in:2.33CVE-2023-40238derived from NVD
lifebook u7313 firmwareNVD
Affected:< 2.15Fixed in:2.15CVE-2023-40238derived from NVD
lifebook u7410 firmwareNVD
Affected:< 2.29Fixed in:2.29CVE-2023-40238derived from NVD
lifebook u7411 firmwareNVD
Affected:< 2.44Fixed in:2.44CVE-2023-40238derived from NVD
lifebook u7412 firmwareNVD
Affected:< 2.33Fixed in:2.33CVE-2023-40238derived from NVD
lifebook u7413 firmwareNVD
Affected:< 2.15Fixed in:2.15CVE-2023-40238derived from NVD
lifebook u749 firmwareNVD
Affected:< 2.30Fixed in:2.30CVE-2023-40238derived from NVD
lifebook u7510 firmwareNVD
Affected:< 2.29Fixed in:2.29CVE-2023-40238derived from NVD
lifebook u7511 firmwareNVD
Affected:< 2.44Fixed in:2.44CVE-2023-40238derived from NVD
lifebook u7512 firmwareNVD
Affected:< 2.33Fixed in:2.33CVE-2023-40238derived from NVD
lifebook u759 firmwareNVD
Affected:< 2.30Fixed in:2.30CVE-2023-40238derived from NVD
lifebook u7613 firmwareNVD
Affected:< 2.15Fixed in:2.15CVE-2023-40238derived from NVD
lifebook u9310 firmwareNVD
Affected:< 2.27Fixed in:2.27CVE-2023-40238derived from NVD
lifebook u9310x firmwareNVD
Affected:< 2.27Fixed in:2.27CVE-2023-40238derived from NVD
lifebook u9311 firmwareNVD
Affected:< 2.53Fixed in:2.53CVE-2023-40238derived from NVD
lifebook u9312 firmwareNVD
Affected:< 2.31Fixed in:2.31CVE-2023-40238derived from NVD
lifebook u9312x firmwareNVD
Affected:< 2.21Fixed in:2.21CVE-2023-40238derived from NVD
lifebook u9313x firmwareNVD
Affected:< 2.12Fixed in:2.12CVE-2023-40238derived from NVD
lifebook u939 firmwareNVD
Affected:< 2.23Fixed in:2.23CVE-2023-40238derived from NVD
lifebook u939x firmwareNVD
Affected:< 2.26Fixed in:2.26CVE-2023-40238derived from NVD
lifebook u9413 firmwareNVD
Affected:< 2.12Fixed in:2.12CVE-2023-40238derived from NVD
primequest 3800b2 firmwareNVD
Affected:< 1.67.0Fixed in:1.67.0CVE-2023-40238derived from NVD
primequest 3800b firmwareNVD
Affected:< 2.23.0Fixed in:2.23.0CVE-2023-40238derived from NVD
primequest 3800e2 firmwareNVD
Affected:< pb25021Fixed in:pb25021CVE-2023-40238derived from NVD
primequest 3800e firmwareNVD
Affected:< pa25021Fixed in:pa25021CVE-2023-40238derived from NVD
primequest 4400e firmwareNVD
Affected:< fa17001Fixed in:fa17001CVE-2023-40238derived from NVD
primergy bx2560 m2 firmwareNVD
Affected:< 1.21.0Fixed in:1.21.0CVE-2023-40238derived from NVD
primergy bx2580 m2 firmwareNVD
Affected:< 1.21.0Fixed in:1.21.0CVE-2023-40238derived from NVD
primergy cx2550 m4 firmwareNVD
Affected:< 1.51.0Fixed in:1.51.0CVE-2023-40238derived from NVD
primergy cx2550 m5 firmwareNVD
Affected:< 1.25.0Fixed in:1.25.0CVE-2023-40238derived from NVD
primergy cx2550 m6 firmwareNVD
Affected:< 1.34.0Fixed in:1.34.0CVE-2023-40238derived from NVD
primergy cx2550 m7 firmwareNVD
Affected:< 2.6.0Fixed in:2.6.0CVE-2023-40238derived from NVD
primergy cx2560 m4 firmwareNVD
Affected:< 1..51.0Fixed in:1..51.0CVE-2023-40238derived from NVD
primergy cx2560 m5 firmwareNVD
Affected:< 1.34.0Fixed in:1.34.0CVE-2023-40238derived from NVD
primergy cx2560 m6 firmwareNVD
Affected:< 1.34.0Fixed in:1.34.0CVE-2023-40238derived from NVD
primergy cx2560 m7 firmwareNVD
Affected:< 2.2.0Fixed in:2.2.0CVE-2023-40238derived from NVD
primergy cx2570 m4 firmwareNVD
Affected:< 1.51.0Fixed in:1.51.0CVE-2023-40238derived from NVD
primergy cx2570 m5 firmwareNVD
Affected:< 1.25.0Fixed in:1.25.0CVE-2023-40238derived from NVD
primergy gx2460 m1 firmwareNVD
Affected:< 7.11.3Fixed in:7.11.3CVE-2023-40238derived from NVD
primergy gx2560 m7 firmwareNVD
Affected:< 2.6.0Fixed in:2.6.0CVE-2023-40238derived from NVD
primergy gx2570 m6 firmwareNVD
Affected:< 1.9Fixed in:1.9CVE-2023-40238derived from NVD
primergy rx1330 m3 firmwareNVD
Affected:< 1.39.0Fixed in:1.39.0CVE-2023-40238derived from NVD
primergy rx1330 m4 firmwareNVD
Affected:< 1.30.0Fixed in:1.30.0CVE-2023-40238derived from NVD
primergy rx1330 m5 firmwareNVD
Affected:< 1.50.0Fixed in:1.50.0CVE-2023-40238derived from NVD
primergy rx1440 m2 firmwareNVD
Affected:< 1.6.0Fixed in:1.6.0CVE-2023-40238derived from NVD
primergy rx2450 m1 firmwareNVD
Affected:< 3.0Fixed in:3.0CVE-2023-40238derived from NVD
primergy rx2450 m2 firmwareNVD
Affected:< 1.6.0Fixed in:1.6.0CVE-2023-40238derived from NVD
primergy rx2520 m4 firmwareNVD
Affected:< 1.63.0Fixed in:1.63.0CVE-2023-40238derived from NVD
primergy rx2520 m5 firmwareNVD
Affected:< 1.41.0Fixed in:1.41.0CVE-2023-40238derived from NVD
primergy rx2530 m4 firmwareNVD
Affected:< 1.63.0Fixed in:1.63.0CVE-2023-40238derived from NVD
primergy rx2530 m5 firmwareNVD
Affected:< 1.41.0Fixed in:1.41.0CVE-2023-40238derived from NVD
primergy rx2530 m6 firmwareNVD
Affected:< 1.28.0Fixed in:1.28.0CVE-2023-40238derived from NVD
primergy rx2530 m7 firmwareNVD
Affected:< 2.8.0Fixed in:2.8.0CVE-2023-40238derived from NVD
primergy rx2540 m4 firmwareNVD
Affected:< 1.63.0Fixed in:1.63.0CVE-2023-40238derived from NVD
primergy rx2540 m5 firmwareNVD
Affected:< 1.41.0Fixed in:1.41.0CVE-2023-40238derived from NVD
primergy rx2540 m6 firmwareNVD
Affected:< 1.28.0Fixed in:1.28.0CVE-2023-40238derived from NVD
primergy rx2540 m7 firmwareNVD
Affected:< 2.8.0Fixed in:2.8.0CVE-2023-40238derived from NVD
primergy rx4770 m3 firmwareNVD
Affected:< 1.27.0Fixed in:1.27.0CVE-2023-40238derived from NVD
primergy rx4770 m4 firmwareNVD
Affected:< 1.63.0Fixed in:1.63.0CVE-2023-40238derived from NVD
primergy rx4770 m5 firmwareNVD
Affected:< 1.41.0Fixed in:1.41.0CVE-2023-40238derived from NVD
primergy rx4770 m6 firmwareNVD
Affected:< 1.23.0Fixed in:1.23.0CVE-2023-40238derived from NVD
primergy rx4770 m7 firmwareNVD
Affected:< 2.8.0Fixed in:2.8.0CVE-2023-40238derived from NVD
primergy rx8770 m7 firmwareNVD
Affected:< 2.8.0Fixed in:2.8.0CVE-2023-40238derived from NVD
primergy tx1310 m3 firmwareNVD
Affected:< 1.39.0Fixed in:1.39.0CVE-2023-40238derived from NVD
primergy tx1310 m5 firmwareNVD
Affected:< 1.50.0Fixed in:1.50.0CVE-2023-40238derived from NVD
primergy tx1320 m3 firmwareNVD
Affected:< 1.39.0Fixed in:1.39.0CVE-2023-40238derived from NVD
primergy tx1320 m4 firmwareNVD
Affected:< 1.30.0Fixed in:1.30.0CVE-2023-40238derived from NVD
primergy tx1320 m5 firmwareNVD
Affected:< 1.50.0Fixed in:1.50.0CVE-2023-40238derived from NVD
primergy tx1330 m3 firmwareNVD
Affected:< 1.39.0Fixed in:1.39.0CVE-2023-40238derived from NVD
primergy tx1330 m4 firmwareNVD
Affected:< 1.30.0Fixed in:1.30.0CVE-2023-40238derived from NVD
primergy tx1330 m5 firmwareNVD
Affected:< 1.50.0Fixed in:1.50.0CVE-2023-40238derived from NVD
primergy tx2550 m4 firmwareNVD
Affected:< 1.63.0Fixed in:1.63.0CVE-2023-40238derived from NVD
primergy tx2550 m5 firmwareNVD
Affected:< 1.41.0Fixed in:1.41.0CVE-2023-40238derived from NVD
primergy tx2550 m7 firmwareNVD
Affected:< 2.5.0Fixed in:2.5.0CVE-2023-40238derived from NVD
stylistic q5010 firmwareNVD
Affected:< 1.38Fixed in:1.38CVE-2023-40238derived from NVD
stylistic q509 firmwareNVD
Affected:< 1.37Fixed in:1.37CVE-2023-40238derived from NVD
stylistic q7310 firmwareNVD
Affected:< 2.27Fixed in:2.27CVE-2023-40238derived from NVD
stylistic q7311 firmwareNVD
Affected:< 2.36Fixed in:2.36CVE-2023-40238derived from NVD
stylistic q7312 firmwareNVD
Affected:< 2.17Fixed in:2.17CVE-2023-40238derived from NVD
stylistic q739 firmwareNVD
Affected:< 2.21Fixed in:2.21CVE-2023-40238derived from NVD
Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.
CVSS v3 Vector
Exploitability
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
Impact
ConfidentialityNone
IntegrityNone
AvailabilityHigh
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploit Intelligence
1.86%probability of exploitation in 30 days
77thpercentile
Elevated risk: more likely to be exploited than 77% of all known CVEs.
TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.
This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-02-25.