Описание
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Due to insufficient input validation, an attacker can tamper with a runtime-accessible EFI variable to cause a dynamic BAR setting to overlap SMRAM.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:insyde:insydeh2o:5.0:*:*:*:*:*:*:*
cpe:2.3:a:insyde:insydeh2o:5.1:*:*:*:*:*:*:*
cpe:2.3:a:insyde:insydeh2o:5.2:*:*:*:*:*:*:*
cpe:2.3:a:insyde:insydeh2o:5.3:*:*:*:*:*:*:*
cpe:2.3:a:insyde:insydeh2o:5.4:*:*:*:*:*:*:*
cpe:2.3:a:insyde:insydeh2o:5.5:*:*:*:*:*:*:*
EPSS
Процентиль: 19%
0.00062
Низкий
5.5 Medium
CVSS3
Дефекты
CWE-20
CWE-20
Связанные уязвимости
CVSS3: 5.5
github
больше 2 лет назад
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Due to insufficient input validation, an attacker can tamper with a runtime-accessible EFI variable to cause a dynamic BAR setting to overlap SMRAM.
EPSS
Процентиль: 19%
0.00062
Низкий
5.5 Medium
CVSS3
Дефекты
CWE-20
CWE-20