Описание
A vulnerability in the digital signature verification process does not properly validate variable attributes which allows an attacker to bypass signature verification by creating a non-authenticated NVRAM variable. An attacker may to execute arbitrary signed UEFI code and bypass Secure Boot.
EPSS
Процентиль: 4%
0.00018
Низкий
7.8 High
CVSS3
Дефекты
Связанные уязвимости
CVSS3: 7.8
github
8 месяцев назад
Running the provided utility changes the certificate on any Insyde BIOS and then the attached .efi file can be launched.
EPSS
Процентиль: 4%
0.00018
Низкий
7.8 High
CVSS3