Описание
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow vulnerability in the MebxConfiguration driver leads to arbitrary code execution. Control of a UEFI variable under the OS can cause this overflow when read by BIOS code.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 5.0 (включая) до 5.5 (включая)
cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*
EPSS
Процентиль: 19%
0.0006
Низкий
8.2 High
CVSS3
Дефекты
CWE-787
CWE-121
Связанные уязвимости
CVSS3: 8.2
github
около 3 лет назад
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow vulnerability in the MebxConfiguration driver leads to arbitrary code execution. Control of a UEFI variable under the OS can cause this overflow when read by BIOS code.
EPSS
Процентиль: 19%
0.0006
Низкий
8.2 High
CVSS3
Дефекты
CWE-787
CWE-121