Skip to main content
Live Webinar with SANS (June 25)— Agentic CTI Automation for Fun & ProfitRegister Free
Mallory
Back to vulnerabilities
MediumPublic exploit

LogoFAIL out-of-bounds write in Insyde InsydeH2O BmpDecoderDxe

IdentifiersCVE-2023-40238CWE-787

CVE-2023-40238 is a LogoFAIL vulnerability in the BMP image parser used by Insyde InsydeH2O firmware on certain Lenovo devices. The flaw is in the BmpDecoderDxe DXE driver, specifically in BMP RLE4/RLE8 decompression handling. According to the provided content, crafted BMP logo files can trigger an integer signedness error involving PixelHeight and PixelWidth, causing incorrect pointer arithmetic during image decoding. In the reported RLE8 case, DecodeRLE8 computes a destination pointer based on PixelWidth * (PixelHeight - i - 1); if PixelHeight is attacker-controlled and set to 0, the computed BltEntry pointer underflows and points below the intended BltOutput buffer. Subsequent decode writes then copy attacker-influenced data to a controllable memory address during the UEFI DXE phase. The issue affects Insyde InsydeH2O kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can produce an out-of-bounds write during DXE, enabling memory corruption in the pre-OS firmware environment. The provided material states this can lead to arbitrary code execution in a DXE driver context, bypass of Secure Boot and related hardware-verified boot protections, modification of NVRAM or SPI flash for persistence, influence over the OS boot process, and possible hooking or modification of EFI Runtime Services. At minimum, malformed BMP input can also crash firmware parsing and potentially brick a device during boot if writes hit unmapped memory.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, disable or restrict user-supplied/custom boot logo functionality where supported. Prevent untrusted modification of the EFI System Partition and relevant NVRAM variables used for logo selection or validation. Limit firmware to trusted, validated image sources and avoid parsing attacker-controlled BMP assets during boot. Recovery from a boot-bricking condition may require removing the malicious logo from the ESP or reflashing SPI/NVRAM, according to the provided research context.

Remediation

Patch, then assume compromise.

Update affected Insyde InsydeH2O firmware to a fixed release. The content identifies fixed version thresholds as kernel 5.2 >= 05.28.47, 5.3 >= 05.37.47, 5.4 >= 05.45.47, 5.5 >= 05.53.47, and 5.6 >= 05.60.47, as provided by the OEM/vendor for affected Lenovo devices. Apply Lenovo/Insyde firmware advisories and deploy the latest BIOS/UEFI updates for impacted systems.
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType
FujitsuCelsius C780 Firmwareoperating_system
FujitsuCelsius H5511 Firmwareoperating_system
FujitsuCelsius H7510 Firmwareoperating_system
FujitsuCelsius H7613 Firmwareoperating_system
FujitsuCelsius H780 Firmwareoperating_system
FujitsuCelsius H980 Firmwareoperating_system
FujitsuCelsius J5010 Firmwareoperating_system
FujitsuCelsius J550/2 Firmwareoperating_system
FujitsuCelsius J580 Firmwareoperating_system
FujitsuCelsius M7010 Firmwareoperating_system
FujitsuCelsius M7010power Firmwareoperating_system
FujitsuCelsius M7010x Firmwareoperating_system
FujitsuCelsius M7010xpower Firmwareoperating_system
FujitsuCelsius R970 Firmwareoperating_system
FujitsuCelsius R970b Firmwareoperating_system
FujitsuCelsius R970bpower Firmwareoperating_system
FujitsuCelsius W5010 Firmwareoperating_system
FujitsuCelsius W5010/L Firmwareoperating_system
FujitsuCelsius W5011 Firmwareoperating_system
FujitsuCelsius W5012 Firmwareoperating_system
FujitsuCelsius W5012-Ll Firmwareoperating_system
FujitsuCelsius W570 Firmwareoperating_system
FujitsuCelsius W570power Firmwareoperating_system
FujitsuCelsius W570power+ Firmwareoperating_system
FujitsuCelsius W580 Firmwareoperating_system
FujitsuCelsius W580power Firmwareoperating_system
FujitsuCelsius W580power+ Firmwareoperating_system
FujitsuEsprimo D556/2 Firmwareoperating_system
FujitsuEsprimo D6011 Firmwareoperating_system
FujitsuEsprimo D6012 Firmwareoperating_system
FujitsuEsprimo D7010 Firmwareoperating_system
FujitsuEsprimo D7010/8 Firmwareoperating_system
FujitsuEsprimo D7011 Firmwareoperating_system
FujitsuEsprimo D7012 Firmwareoperating_system
FujitsuEsprimo D7013 Firmwareoperating_system
FujitsuEsprimo D738 Firmwareoperating_system
FujitsuEsprimo D757 Firmwareoperating_system
FujitsuEsprimo D9010 Firmwareoperating_system
FujitsuEsprimo D9011 Firmwareoperating_system
FujitsuEsprimo D9012 Firmwareoperating_system
FujitsuEsprimo D9013 Firmwareoperating_system
FujitsuEsprimo D957 Firmwareoperating_system
FujitsuEsprimo D957/E9x+ Firmwareoperating_system
FujitsuEsprimo D958 Firmwareoperating_system
FujitsuEsprimo G5010 Firmwareoperating_system
FujitsuEsprimo G5011 Firmwareoperating_system
FujitsuEsprimo G558 Firmwareoperating_system
FujitsuEsprimo G6012 Firmwareoperating_system
FujitsuEsprimo G9010 Firmwareoperating_system
FujitsuEsprimo G9012 Firmwareoperating_system
FujitsuEsprimo G9013 Firmwareoperating_system
FujitsuEsprimo K5010/24 Firmwareoperating_system
FujitsuEsprimo K557/24 Firmwareoperating_system
FujitsuEsprimo K558/24 Firmwareoperating_system
FujitsuEsprimo P5010 Firmwareoperating_system
FujitsuEsprimo P5011 Firmwareoperating_system
FujitsuEsprimo P557 Firmwareoperating_system
FujitsuEsprimo P558/Power Firmwareoperating_system
FujitsuEsprimo P6012 Firmwareoperating_system
FujitsuEsprimo P7010 Firmwareoperating_system
FujitsuEsprimo P7011 Firmwareoperating_system
FujitsuEsprimo P7012 Firmwareoperating_system
FujitsuEsprimo P7013 Firmwareoperating_system
FujitsuEsprimo P757 Firmwareoperating_system
FujitsuEsprimo P758 Firmwareoperating_system
FujitsuEsprimo P9010 Firmwareoperating_system
FujitsuEsprimo P9011 Firmwareoperating_system
FujitsuEsprimo P9012 Firmwareoperating_system
FujitsuEsprimo P9013 Firmwareoperating_system
FujitsuEsprimo P957 Firmwareoperating_system
FujitsuEsprimo P958 Firmwareoperating_system
FujitsuEsprimo P958/Power Firmwareoperating_system
FujitsuEsprimo P9910 Firmwareoperating_system
FujitsuEsprimo Q556/2 Firmwareoperating_system
FujitsuEsprimo Q556/2/D Firmwareoperating_system
FujitsuEsprimo Q558 Firmwareoperating_system
FujitsuEsprimo Q7010 Firmwareoperating_system
FujitsuEsprimo Q957 Firmwareoperating_system
FujitsuEsprimo Q957/Mre Firmwareoperating_system
FujitsuEsprimo Q958 Firmwareoperating_system
FujitsuEsprimo Q958/Mre Firmwareoperating_system
FujitsuLifebook A3510 Firmwareoperating_system
FujitsuLifebook A3511 Firmwareoperating_system
FujitsuLifebook E4411 Firmwareoperating_system
FujitsuLifebook E4511 Firmwareoperating_system
FujitsuLifebook E5410 Firmwareoperating_system
FujitsuLifebook E5411 Firmwareoperating_system
FujitsuLifebook E5412 Firmwareoperating_system
FujitsuLifebook E5412/Mtc Firmwareoperating_system
FujitsuLifebook E5413 Firmwareoperating_system
FujitsuLifebook E549 Firmwareoperating_system
FujitsuLifebook E5510 Firmwareoperating_system
FujitsuLifebook E5511 Firmwareoperating_system
FujitsuLifebook E5512 Firmwareoperating_system
FujitsuLifebook E5513 Firmwareoperating_system
FujitsuLifebook E559 Firmwareoperating_system
FujitsuLifebook E736 Firmwareoperating_system
FujitsuLifebook E736 Vpro Firmwareoperating_system
FujitsuLifebook E746 Firmwareoperating_system
FujitsuLifebook E746 Vpro Firmwareoperating_system
FujitsuLifebook T939 Firmwareoperating_system
FujitsuLifebook U5313x Firmwareoperating_system
FujitsuLifebook U729 Firmwareoperating_system
FujitsuLifebook U729x Firmwareoperating_system
FujitsuLifebook U7310 Firmwareoperating_system
FujitsuLifebook U7311 Firmwareoperating_system
FujitsuLifebook U7312 Firmwareoperating_system
FujitsuLifebook U7313 Firmwareoperating_system
FujitsuLifebook U7410 Firmwareoperating_system
FujitsuLifebook U7411 Firmwareoperating_system
FujitsuLifebook U7412 Firmwareoperating_system
FujitsuLifebook U7413 Firmwareoperating_system
FujitsuLifebook U749 Firmwareoperating_system
FujitsuLifebook U7510 Firmwareoperating_system
FujitsuLifebook U7511 Firmwareoperating_system
FujitsuLifebook U7512 Firmwareoperating_system
FujitsuLifebook U759 Firmwareoperating_system
FujitsuLifebook U7613 Firmwareoperating_system
FujitsuLifebook U9310 Firmwareoperating_system
FujitsuLifebook U9310x Firmwareoperating_system
FujitsuLifebook U9311 Firmwareoperating_system
FujitsuLifebook U9312 Firmwareoperating_system
FujitsuLifebook U9312x Firmwareoperating_system
FujitsuLifebook U9313x Firmwareoperating_system
FujitsuLifebook U939 Firmwareoperating_system
FujitsuLifebook U939x Firmwareoperating_system
FujitsuLifebook U9413 Firmwareoperating_system
FujitsuPrimequest 3800b Firmwareoperating_system
FujitsuPrimequest 3800b2 Firmwareoperating_system
FujitsuPrimequest 3800e Firmwareoperating_system
FujitsuPrimequest 3800e2 Firmwareoperating_system
FujitsuPrimequest 4400e Firmwareoperating_system
FujitsuPrimergy Bx2560 M2 Firmwareoperating_system
FujitsuPrimergy Bx2580 M2 Firmwareoperating_system
FujitsuPrimergy Cx2550 M4 Firmwareoperating_system
FujitsuPrimergy Cx2550 M5 Firmwareoperating_system
FujitsuPrimergy Cx2550 M6 Firmwareoperating_system
FujitsuPrimergy Cx2550 M7 Firmwareoperating_system
FujitsuPrimergy Cx2560 M4 Firmwareoperating_system
FujitsuPrimergy Cx2560 M5 Firmwareoperating_system
FujitsuPrimergy Cx2560 M6 Firmwareoperating_system
FujitsuPrimergy Cx2560 M7 Firmwareoperating_system
FujitsuPrimergy Cx2570 M4 Firmwareoperating_system
FujitsuPrimergy Cx2570 M5 Firmwareoperating_system
FujitsuPrimergy Gx2460 M1 Firmwareoperating_system
FujitsuPrimergy Gx2560 M7 Firmwareoperating_system
FujitsuPrimergy Gx2570 M6 Firmwareoperating_system
FujitsuPrimergy Rx1330 M3 Firmwareoperating_system
FujitsuPrimergy Rx1330 M4 Firmwareoperating_system
FujitsuPrimergy Rx1330 M5 Firmwareoperating_system
FujitsuPrimergy Rx1440 M2 Firmwareoperating_system
FujitsuPrimergy Rx2450 M1 Firmwareoperating_system
FujitsuPrimergy Rx2450 M2 Firmwareoperating_system
FujitsuPrimergy Rx2520 M4 Firmwareoperating_system
FujitsuPrimergy Rx2520 M5 Firmwareoperating_system
FujitsuPrimergy Rx2530 M4 Firmwareoperating_system
FujitsuPrimergy Rx2530 M5 Firmwareoperating_system
FujitsuPrimergy Rx2530 M6 Firmwareoperating_system
FujitsuPrimergy Rx2530 M7 Firmwareoperating_system
FujitsuPrimergy Rx2540 M4 Firmwareoperating_system
FujitsuPrimergy Rx2540 M5 Firmwareoperating_system
FujitsuPrimergy Rx2540 M6 Firmwareoperating_system
FujitsuPrimergy Rx2540 M7 Firmwareoperating_system
FujitsuPrimergy Rx4770 M3 Firmwareoperating_system
FujitsuPrimergy Rx4770 M4 Firmwareoperating_system
FujitsuPrimergy Rx4770 M5 Firmwareoperating_system
FujitsuPrimergy Rx4770 M6 Firmwareoperating_system
FujitsuPrimergy Rx4770 M7 Firmwareoperating_system
FujitsuPrimergy Rx8770 M7 Firmwareoperating_system
FujitsuPrimergy Tx1310 M3 Firmwareoperating_system
FujitsuPrimergy Tx1310 M5 Firmwareoperating_system
FujitsuPrimergy Tx1320 M3 Firmwareoperating_system
FujitsuPrimergy Tx1320 M4 Firmwareoperating_system
FujitsuPrimergy Tx1320 M5 Firmwareoperating_system
FujitsuPrimergy Tx1330 M3 Firmwareoperating_system
FujitsuPrimergy Tx1330 M4 Firmwareoperating_system
FujitsuPrimergy Tx1330 M5 Firmwareoperating_system
FujitsuPrimergy Tx2550 M4 Firmwareoperating_system
FujitsuPrimergy Tx2550 M5 Firmwareoperating_system
FujitsuPrimergy Tx2550 M7 Firmwareoperating_system
FujitsuServer Devicesoperating_system
FujitsuStylistic Q5010 Firmwareoperating_system
FujitsuStylistic Q509 Firmwareoperating_system
FujitsuStylistic Q7310 Firmwareoperating_system
FujitsuStylistic Q7311 Firmwareoperating_system
FujitsuStylistic Q7312 Firmwareoperating_system
FujitsuStylistic Q739 Firmwareoperating_system
Insyde SoftwareInsydeh2oapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

4 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

4 SOURCESView more in app
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware1

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2023-40238
NVD
nvd.nist.gov/vuln/detail/CVE-2023-40238
MITRE CWE · CWE-787
cwe.mitre.org
Vendor Advisory
insyde.com/security-pledge
Vendor Advisory
insyde.com/security-pledge/SA-2023053
Third Party Advisory
security.netapp.com/advisory/ntap-20240105-0002
Third Party Advisory
kb.cert.org/vuls/id/811862
Exploit
binarly.io/posts/finding_logofail_the_dangers_of_image_parsing_during_system_boot/index.html
LogoFAIL out-of-bounds write in Insyde InsydeH2O BmpDecoderDxe (CVE-2023-40238) | Mallory