Описание
An SMM memory corruption vulnerability in the SMM driver (SMRAM write) in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to send arbitrary data to SMM which could lead to privilege escalation.
Ссылки
- Not Applicable
- Vendor Advisory
- Not Applicable
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 5.0 (включая) до 5.5 (включая)
Одно из
cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*
cpe:2.3:a:insyde:insydeh2o:5.5.05.53.22:*:*:*:*:*:*:*
cpe:2.3:a:insyde:insydeh2o:5.6:*:*:*:*:*:*:*
cpe:2.3:a:insyde:insydeh2o:5.6.05.60.22:*:*:*:*:*:*:*
EPSS
Процентиль: 27%
0.00098
Низкий
7.8 High
CVSS3
Дефекты
CWE-787
Связанные уязвимости
CVSS3: 7.8
github
больше 2 лет назад
An SMM memory corruption vulnerability in the SMM driver (SMRAM write) in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to send arbitrary data to SMM which could lead to privilege escalation.
EPSS
Процентиль: 27%
0.00098
Низкий
7.8 High
CVSS3
Дефекты
CWE-787