exploitDog

GHSA-7p8h-xj83-qmvw

Опубликовано: 12 июн. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 7.5

Описание

Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.01, 5.6 before 05.62.01, and 5.7 before 05.71.01. The SMM module has an SMM call out vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.

Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.01, 5.6 before 05.62.01, and 5.7 before 05.71.01. The SMM module has an SMM call out vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.

Ссылки

EPSS

Процентиль: 6%

0.00025

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-20

Связанные уязвимости

CVE-2024-55567

CVSS3: 7.5

nvd

8 месяцев назад

Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.01, 5.6 before 05.62.01, and 5.7 before 05.71.01. The SMM module has an SMM call out vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.

EPSS

Процентиль: 6%

0.00025

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-20