CVE-2022-24351

TOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5.2 before version 05.27.29, Kernel 5.3 before version 05.36.29, Kernel 5.4 version before 05.44.13, and Kernel 5.5 before version 05.52.13 allows an attacker to alter data and code used by the remainder of the boot process.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*
cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*
cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*
cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*

History

20 Dec 2023, 17:33

Type Values Removed Values Added
CWE CWE-367
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.7
References () https://www.insyde.com/security-pledge - () https://www.insyde.com/security-pledge - Vendor Advisory
References () https://www.insyde.com/security-pledge/SA-2023038 - () https://www.insyde.com/security-pledge/SA-2023038 - Vendor Advisory
CPE cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*

16 Dec 2023, 02:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-16 02:15

Updated : 2024-02-05 00:22


NVD link : CVE-2022-24351

Mitre link : CVE-2022-24351

CVE.ORG link : CVE-2022-24351


JSON object : View

Products Affected

insyde

  • insydeh2o
CWE
CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition