PT-2023-20190 · Insyde · Insydeh2O

Jeremy Boone

Published

2023-08-03

Updated

2023-08-08

CVE-2023-25600

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions InsydeH2O versions prior to 01.01.04.0016

Description An issue was discovered where a malicious operating system can tamper with a runtime-writable EFI variable, leading to out-of-bounds memory reads and a denial of service.

Recommendations For versions prior to 01.01.04.0016, update to version 01.01.04.0016 to resolve the issue. As a temporary workaround, consider restricting access to runtime-writable EFI variables to minimize the risk of exploitation.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

CVE-2023-25600

Affected Products

Insydeh2O

PT-2023-20190 · Insyde · Insydeh2O

CVE-2023-25600

Weakness Enumeration

Related Identifiers

Affected Products

References · 5