CVE Alert

CVE-2023-40238

Severity: MEDIUM 5.5
CVSS Score: 5.5
EPSS Score: 0.0%
EPSS Percentile: 0th

A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a specific address during the DXE phase of UEFI execution. This occurs because of an integer signedness error involving PixelHeight and PixelWidth during RLE4/RLE8 compression.

Vendor n/a
Product n/a
Published Dec 7, 2023
Last Updated Feb 25, 2026

Affected Versions

n/a / n/a
n/a

References

insyde.com: https://www.insyde.com/security-pledge
kb.cert.org: https://www.kb.cert.org/vuls/id/811862
insyde.com: https://www.insyde.com/security-pledge/SA-2023053
binarly.io: https://binarly.io/posts/finding_logofail_the_dangers_of_image_parsing_during_system_boot/index.html
security.netapp.com: https://security.netapp.com/advisory/ntap-20240105-0002/