Insydeh2o
CVE-2024-25079
HIGH
Severity by source
AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L
Primary rating from Vendor (mitre) · only source for this CVE.
CVSS VectorVendor: mitre
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L
Lifecycle Timeline
1DescriptionCVE.org
A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in SMM.
AnalysisAI
A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6. Rated high severity (CVSS 7.4). No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-763. A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in SMM. Affected products include: Insyde Insydeh2O. Version information: before 05.29.09.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
An issue was discovered in ChipsetSvcSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.8)
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.2), this vulnerabil
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.2), this vulnerabil
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.2), this vulnerabil
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.2), this vulnerabil
An issue was discovered in Insyde InsydeH2O with kernel 5.2 through 5.5. Rated high severity (CVSS 7.8), this vulnerabil
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated medium severity (CVSS 6.0), this vulnerab
An issue SMM memory leak vulnerability in SMM driver (SMRAM was discovered in Insyde InsydeH2O with kernel 5.0 through 5
A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 all
A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.4
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.8), thi
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.8), thi
Same weakness CWE-763 – Release of Invalid Pointer or Reference
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today