Lucene search

[email protected]CVE-2023-25600

HistoryAug 03, 2023 - 3:15 p.m.

CVE-2023-25600

2023-08-0315:15:19

CWE-125

[email protected]

web.nvd.nist.gov

cve-2023-25600

insydeh2o

efi variable

out-of-bounds

memory reads

denial of service

nvd

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

An issue was discovered in InsydeH2O. A malicious operating system can tamper with a runtime-writable EFI variable, leading to out-of-bounds memory reads and a denial of service. This is fixed in version 01.01.04.0016.

Affected configurations

NVD

Node

insydeinsydecrpkgRange<01.01.04.0016

CPENameOperatorVersion
insyde:insydecrpkginsyde insydecrpkglt01.01.04.0016

CPE	Name	Operator	Version
insyde:insydecrpkg	insyde insydecrpkg	lt	01.01.04.0016

References

www.insyde.com/security-pledge

www.insyde.com/security-pledge/SA-2023028

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2023-25600

prion1 cvelist1 nvd1