CVE-2024-27353

CVSS v3.1

7.4

High

Vector

AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions Insyde InsydeH2O kernel versions 5.2 through 5.2 before 05.29.09 Insyde InsydeH2O kernel versions 5.3 through 5.3 before 05.38.09 Insyde InsydeH2O kernel versions 5.4 through 5.4 before 05.46.09 Insyde InsydeH2O kernel versions 5.5 through 5.5 before 05.54.09 Insyde InsydeH2O kernel versions 5.6 through 5.6 before 05.61.09

Description A memory corruption issue in SdHost and SdMmcDevice could lead to escalating privileges in SMM.

Recommendations For Insyde InsydeH2O kernel version 5.2 before 05.29.09, upgrade to version 05.29.09 or later. For Insyde InsydeH2O kernel version 5.3 before 05.38.09, upgrade to version 05.38.09 or later. For Insyde InsydeH2O kernel version 5.4 before 05.46.09, upgrade to version 05.46.09 or later. For Insyde InsydeH2O kernel version 5.5 before 05.54.09, upgrade to version 05.54.09 or later. For Insyde InsydeH2O kernel version 5.6 before 05.61.09, upgrade to version 05.61.09 or later.

Fix

Untrusted Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-822

Related Identifiers

CVE-2024-27353

Affected Products

Insydeh2O

CVE-2024-27353

Weakness Enumeration

Related Identifiers

Affected Products

References · 5