Insyde InsydeH2O 缓冲区错误漏洞

Insyde InsydeH2O is a C-language source from Insyde Corporation of Taiwan, which implements the new technology "EFI/UEFI" specification designed to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O versions 5.0 through 5.5, which is caused...

PT-2022-23314 · Insyde · Insydeh2O

Name of the Vulnerable Software and Affected Versions: Insyde InsydeH2O with kernel 5.0 through 5.5 Description: A stack buffer overflow vulnerability in the MebxConfiguration driver can lead to arbitrary code execution. This issue occurs when a UEFI variable under the OS is read by BIOS code,...