Описание
An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS.
Ссылки
- Not Applicable
- Vendor Advisory
- Not Applicable
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 5.0 (включая) до 5.5 (включая)
cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*
EPSS
Процентиль: 13%
0.00043
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-863
Связанные уязвимости
CVSS3: 6.5
github
больше 2 лет назад
An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS.
EPSS
Процентиль: 13%
0.00043
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-863