fkie_nvd - fkie_cve-2024-25079

fkie_cve-2024-25079

Vulnerability from fkie_nvd

Published

2024-05-15 15:15

Modified

2025-08-04 14:23

Severity ?

7.4 (High) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L

Summary

A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in SMM.

References

URL	Tags
cve@mitre.org	https://www.insyde.com/security-pledge	Vendor Advisory
cve@mitre.org	https://www.insyde.com/security-pledge/SA-2024001	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.insyde.com/security-pledge	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.insyde.com/security-pledge/SA-2024001	Vendor Advisory

Impacted products

Vendor	Product	Version
insyde	insydeh2o	*
insyde	insydeh2o	*
insyde	insydeh2o	*
insyde	insydeh2o	*
insyde	insydeh2o	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E292E28-0173-467A-9209-4867FE292BCA",
              "versionEndExcluding": "5.29.09",
              "versionStartIncluding": "5.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDC9DB4F-33B9-438A-8E2B-80B891297C54",
              "versionEndExcluding": "5.38.09",
              "versionStartIncluding": "5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9C75884-65A6-46F5-9889-C3B2685EE00D",
              "versionEndExcluding": "5.46.09",
              "versionStartIncluding": "5.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9189015D-3A58-41BD-9415-15CC78C25111",
              "versionEndExcluding": "5.54.09",
              "versionStartIncluding": "5.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F66E777E-35C5-4DF1-9842-765DFF78A88F",
              "versionEndExcluding": "5.61.09",
              "versionStartIncluding": "5.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in SMM."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de corrupci\u00f3n de memoria en HddPassword en Insyde InsydeH2O kernel 5.2 anterior al 29.05.09, kernel 5.3 anterior al 38.05.09, kernel 5.4 anterior al 05.46.09, kernel 5.5 anterior al 05.54.09 y kernel 5.6 anterior al 05.61.09 podr\u00eda llevar a una escalada de privilegios en SMM."
    }
  ],
  "id": "CVE-2024-25079",
  "lastModified": "2025-08-04T14:23:17.420",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 6.0,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-05-15T15:15:07.930",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.insyde.com/security-pledge"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.insyde.com/security-pledge/SA-2024001"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.insyde.com/security-pledge"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.insyde.com/security-pledge/SA-2024001"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-763"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

CVE-2024-25079 (GCVE-0-2024-25079)

Vulnerability from cvelistv5

Published

2024-05-15 14:23