3 matches found
CVE-2023-34195
An issue was discovered in SystemFirmwareManagementRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The implementation of the GetImage method retrieves the value of a runtime variable named GetImageProgress, and later uses this value as a function pointer. This variable is wiped out by...
CVE-2023-34195
An issue was discovered in SystemFirmwareManagementRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The implementation of the GetImage method retrieves the value of a runtime variable named GetImageProgress, and later uses this value as a function pointer. This variable is wiped out by...
CVE-2023-34195
Insyde InsydeH2O (kernel 5.0–5.5) contains a vulnerability in SystemFirmwareManagementRuntimeDxe where GetImage reads a runtime variable GetImageProgress and later uses its value as a function pointer. The GetImageProgress variable is wiped by the same module before function end. If an OS sets th...