CVE-2024-25079 (GCVE-0-2024-25079)
Vulnerability from cvelistv5
Published
2024-05-15 14:23
Modified
2025-02-13 15:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in SMM.
References
| ► | URL | Tags | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:insyde:insydeh2o:5.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "insydeh2o",
"vendor": "insyde",
"versions": [
{
"lessThan": "05.38.09",
"status": "affected",
"version": "5.2",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:insyde:insydeh2o:5.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "insydeh2o",
"vendor": "insyde",
"versions": [
{
"lessThan": "05.46.09",
"status": "affected",
"version": "5.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:insyde:insydeh2o:5.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "insydeh2o",
"vendor": "insyde",
"versions": [
{
"lessThan": "05.54.09",
"status": "affected",
"version": "5.4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:insyde:insydeh2o:5.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "insydeh2o",
"vendor": "insyde",
"versions": [
{
"lessThan": "05.29.09",
"status": "affected",
"version": "5.5",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:insyde:insydeh2o:5.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "insydeh2o",
"vendor": "insyde",
"versions": [
{
"lessThan": "05.61.09",
"status": "affected",
"version": "5.6",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-25079",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T15:52:03.227235Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-763",
"description": "CWE-763 Release of Invalid Pointer or Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T14:17:02.723Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:21.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge/SA-2024001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in SMM."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-15T14:23:26.527Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.insyde.com/security-pledge"
},
{
"url": "https://www.insyde.com/security-pledge/SA-2024001"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-25079",
"datePublished": "2024-05-15T14:23:26.249Z",
"dateReserved": "2024-02-04T00:00:00.000Z",
"dateUpdated": "2025-02-13T15:47:10.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-25079\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2024-05-15T15:15:07.930\",\"lastModified\":\"2025-08-04T14:23:17.420\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in SMM.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de corrupci\u00f3n de memoria en HddPassword en Insyde InsydeH2O kernel 5.2 anterior al 29.05.09, kernel 5.3 anterior al 38.05.09, kernel 5.4 anterior al 05.46.09, kernel 5.5 anterior al 05.54.09 y kernel 5.6 anterior al 05.61.09 podr\u00eda llevar a una escalada de privilegios en SMM.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":0.8,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-763\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.2\",\"versionEndExcluding\":\"5.29.09\",\"matchCriteriaId\":\"5E292E28-0173-467A-9209-4867FE292BCA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.3\",\"versionEndExcluding\":\"5.38.09\",\"matchCriteriaId\":\"CDC9DB4F-33B9-438A-8E2B-80B891297C54\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.4\",\"versionEndExcluding\":\"5.46.09\",\"matchCriteriaId\":\"A9C75884-65A6-46F5-9889-C3B2685EE00D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.54.09\",\"matchCriteriaId\":\"9189015D-3A58-41BD-9415-15CC78C25111\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.6\",\"versionEndExcluding\":\"5.61.09\",\"matchCriteriaId\":\"F66E777E-35C5-4DF1-9842-765DFF78A88F\"}]}]}],\"references\":[{\"url\":\"https://www.insyde.com/security-pledge\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.insyde.com/security-pledge/SA-2024001\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.insyde.com/security-pledge\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.insyde.com/security-pledge/SA-2024001\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.insyde.com/security-pledge\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.insyde.com/security-pledge/SA-2024001\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T23:36:21.602Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 7.4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-25079\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-05-15T15:52:03.227235Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:insyde:insydeh2o:5.2:*:*:*:*:*:*:*\"], \"vendor\": \"insyde\", \"product\": \"insydeh2o\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.2\", \"lessThan\": \"05.38.09\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:insyde:insydeh2o:5.3:*:*:*:*:*:*:*\"], \"vendor\": \"insyde\", \"product\": \"insydeh2o\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.3\", \"lessThan\": \"05.46.09\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:insyde:insydeh2o:5.4:*:*:*:*:*:*:*\"], \"vendor\": \"insyde\", \"product\": \"insydeh2o\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.4\", \"lessThan\": \"05.54.09\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:insyde:insydeh2o:5.5:*:*:*:*:*:*:*\"], \"vendor\": \"insyde\", \"product\": \"insydeh2o\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.5\", \"lessThan\": \"05.29.09\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:insyde:insydeh2o:5.6:*:*:*:*:*:*:*\"], \"vendor\": \"insyde\", \"product\": \"insydeh2o\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.6\", \"lessThan\": \"05.61.09\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-763\", \"description\": \"CWE-763 Release of Invalid Pointer or Reference\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-15T16:04:34.009Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://www.insyde.com/security-pledge\"}, {\"url\": \"https://www.insyde.com/security-pledge/SA-2024001\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in SMM.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2024-05-15T14:23:26.527Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-25079\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-13T15:47:10.262Z\", \"dateReserved\": \"2024-02-04T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2024-05-15T14:23:26.249Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…