CVE-2023-27471

Name of the Vulnerable Software and Affected Versions Insyde InsydeH2O with kernel 5.0 through 5.5

Description An issue was discovered in Insyde InsydeH2O where UEFI implementations do not correctly protect and validate information contained in the MeSetup UEFI variable. On some systems, this variable can be overwritten using operating system APIs. Exploitation of this issue could potentially lead to denial of service for the platform.

Recommendations For Insyde InsydeH2O with kernel 5.0 through 5.5, consider restricting access to the MeSetup UEFI variable to minimize the risk of exploitation. As a temporary workaround, avoid using operating system APIs that can overwrite this variable until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.