exploitDog

CVE-2024-7344

Published: 14 Jan 2025
Source: redhat
EPSS: Low

Description

Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path.

Report

Red Hat components are not directly affected by CVE-2024-7344. However, until the DBX entries are updated on a system, it is possible for an attacker to boot the affected EFI applications even with secure boot protections enabled. Once the affected vendors have released a DBX update, it should be installed through fwupd via LVFS.

Source links

Additional information

Status:

Important
https://bugzilla.redhat.com/show_bug.cgi?id=2337607
howyar-sysreturn: Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path.

EPSS

Percentile: 21%
0.00068
Low

Related vulnerabilities

CVSS3: 8.2
nvd
5 months ago

Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path.

CVSS3: 6.7
msrc
5 months ago

Cert CC: CVE-2024-7344 Howyar Taiwan Secure Boot Bypass

CVSS3: 6.5
github
5 months ago

Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path.

CVSS3: 6.5
fstec
5 months ago

Vulnerability in the Howyar Reloader UEFI bootloader of Windows operating systems that allows an attacker to execute arbitrary code
