PT-2024-12154 · Insyde · Insydeh2O
Published
2024-03-12
·
Updated
2024-11-07
·
CVE-2023-28149
CVSS v3.1
6.1
Medium
| Vector | AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:L |
Name of the Vulnerable Software and Affected Versions
Insyde InsydeH2O with kernel versions prior to 05.28.42
Insyde InsydeH2O with kernel versions prior to 05.37.42
Insyde InsydeH2O with kernel versions prior to 05.45.39
Insyde InsydeH2O with kernel versions prior to 05.53.39
Insyde InsydeH2O with kernel versions prior to 05.60.39
Description
An issue was discovered in the IhisiServiceSmm module that could allow an attacker to modify UEFI variables.
Recommendations
For kernel version 5.2, update to version 05.28.42 or later.
For kernel version 5.3, update to version 05.37.42 or later.
For kernel version 5.4, update to version 05.45.39 or later.
For kernel version 5.5, update to version 05.53.39 or later.
For kernel version 5.6, update to version 05.60.39 or later.
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Insydeh2O