An issue was discovered in InsydeH2O. A malicious operating system can tamper with a runtime-writable EFI variable, leading to out-of-bounds memory reads and a denial of service. This is fixed in version 01.01.04.0016.
References
Link | Resource |
---|---|
https://www.insyde.com/security-pledge | Not Applicable |
https://www.insyde.com/security-pledge/SA-2023028 | Vendor Advisory |
Configurations
History
08 Aug 2023, 15:58
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.1 |
CWE | CWE-125 | |
CPE | cpe:2.3:a:insyde:insydecrpkg:*:*:*:*:*:*:*:* | |
References | (MISC) https://www.insyde.com/security-pledge - Not Applicable | |
References | (MISC) https://www.insyde.com/security-pledge/SA-2023028 - Vendor Advisory |
03 Aug 2023, 15:37
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-03 15:15
Updated : 2024-02-05 00:01
NVD link : CVE-2023-25600
Mitre link : CVE-2023-25600
CVE.ORG link : CVE-2023-25600
JSON object : View
Products Affected
insyde
- insydecrpkg
CWE
CWE-125
Out-of-bounds Read