HIGH🇵🇱 Wersja polska

CVE-2024-25078

CVSS 7.4v3.1pub. 2024-05-15upd. 2025-07-29

A memory corruption vulnerability in StorageSecurityCommandDxe in Insyde InsydeH2O before kernel 5.2: IB19130163 in 05.29.07, kernel 5.3: IB19130163 in 05.38.07, kernel 5.4: IB19130163 in 05.46.07, kernel 5.5: IB19130163 in 05.54.07, and kernel 5.6: IB19130163 in 05.61.07 could lead to escalating privileges in SMM.

CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L
  • Insyde Kernel

    OS
    Insyde
    5.2 – 5.29.07 (bez)5.3 – 5.38.07 (bez)5.4 – 5.46.07 (bez)5.5 – 5.54.07 (bez)5.6 – 5.61.07 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-52880HIGH7.9ten sam produkt

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.3...

CVE-2022-36337HIGH8.2ten sam produkt

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow vulnerability...

CVE-2022-35407HIGH7.8ten sam produkt

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow leads to arbi...

CVE-2022-29275HIGH8.2ten sam produkt

In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering Use of untrusted pointers could allow OS...

CVE-2022-29278HIGH8.2ten sam produkt

Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory Incorrec...