CVE-2023-25600

An issue was discovered in InsydeH2O. A malicious operating system can tamper with a runtime-writable EFI variable, leading to out-of-bounds memory reads and a denial of service. This is fixed in version 01.01.04.0016.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:insyde:insydecrpkg:*:*:*:*:*:*:*:*

History

08 Aug 2023, 15:58

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.1
CWE CWE-125
CPE cpe:2.3:a:insyde:insydecrpkg:*:*:*:*:*:*:*:*
References (MISC) https://www.insyde.com/security-pledge - (MISC) https://www.insyde.com/security-pledge - Not Applicable
References (MISC) https://www.insyde.com/security-pledge/SA-2023028 - (MISC) https://www.insyde.com/security-pledge/SA-2023028 - Vendor Advisory

03 Aug 2023, 15:37

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-03 15:15

Updated : 2024-02-05 00:01


NVD link : CVE-2023-25600

Mitre link : CVE-2023-25600

CVE.ORG link : CVE-2023-25600


JSON object : View

Products Affected

insyde

  • insydecrpkg
CWE
CWE-125

Out-of-bounds Read