Описание
An issue was discovered in Insyde InsydeH2O with kernel 5.2 through 5.5. The Save State register is not checked before use. The IhisiSmm driver does not check the value of a save state register before use. Due to insufficient input validation, an attacker can corrupt SMRAM.
Ссылки
- ExploitThird Party Advisory
- Vendor Advisory
- Vendor Advisory
- ExploitThird Party Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 5.2 (включая) до 5.5 (включая)
cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*
EPSS
Процентиль: 22%
0.00071
Низкий
7.8 High
CVSS3
Дефекты
CWE-610
CWE-610
Связанные уязвимости
CVSS3: 7.8
github
почти 3 года назад
An issue was discovered in Insyde InsydeH2O with kernel 5.2 through 5.5. The Save State register is not checked before use. The IhisiSmm driver does not check the value of a save state register before use. Due to insufficient input validation, an attacker can corrupt SMRAM.
EPSS
Процентиль: 22%
0.00071
Низкий
7.8 High
CVSS3
Дефекты
CWE-610
CWE-610