Описание
An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 2021-11-08, 5.2 through 2021-11-08, and 5.3 through 2021-11-08. A StorageSecurityCommandDxe SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
Ссылки
- Third Party Advisory
- Third Party Advisory
- Vendor Advisory
- Third Party Advisory
- Third Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 5.1 (включая) до 5.14.34 (исключая)
cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*
Конфигурация 2Версия от 5.2 (включая) до 5.24.34 (исключая)
cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*
Конфигурация 3Версия от 5.3 (включая) до 5.33.34 (исключая)
cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*
EPSS
Процентиль: 21%
0.00066
Низкий
7.5 High
CVSS3
6.9 Medium
CVSS2
Дефекты
CWE-787
Связанные уязвимости
CVSS3: 7.5
github
почти 4 года назад
An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 2021-11-08, 5.2 through 2021-11-08, and 5.3 through 2021-11-08. A StorageSecurityCommandDxe SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
EPSS
Процентиль: 21%
0.00066
Низкий
7.5 High
CVSS3
6.9 Medium
CVSS2
Дефекты
CWE-787