CVE-2022-36337

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow vulnerability in the MebxConfiguration driver leads to arbitrary code execution. Control of a UEFI variable under the OS can cause this overflow when read by BIOS code...

Stack overflow

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow vulnerability in the MebxConfiguration driver leads to arbitrary code execution. Control of a UEFI variable under the OS can cause this overflow when read by BIOS code...

Insyde InsydeH2O 缓冲区错误漏洞

Insyde InsydeH2O is a C-language source from Insyde Corporation of Taiwan, which implements the new technology "EFI/UEFI" specification designed to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O versions 5.0 through 5.5, which is caused...

CVE-2022-36337

CVE-2022-36337 affects Insyde InsydeH2O, with kernel 5.0–5.5. A stack buffer overflow in the MebxConfiguration driver can cause arbitrary code execution when a UEFI variable is read by BIOS code, potentially enabling local compromise. Remediation guidance present in PT-2022-23314 suggests tempora...

PT-2022-23314 · Insyde · Insydeh2O

Name of the Vulnerable Software and Affected Versions: Insyde InsydeH2O with kernel 5.0 through 5.5 Description: A stack buffer overflow vulnerability in the MebxConfiguration driver can lead to arbitrary code execution. This issue occurs when a UEFI variable under the OS is read by BIOS code,...