CVE-2024-25078

HIGH EPSS 4.5%
Published May 15, 2024 (2y ago) · Modified Jun 17, 2026 (2w ago)
7.4 CVSS 3.1
High

Description

A memory corruption vulnerability in StorageSecurityCommandDxe in Insyde InsydeH2O before kernel 5.2: IB19130163 in 05.29.07, kernel 5.3: IB19130163 in 05.38.07, kernel 5.4: IB19130163 in 05.46.07, kernel 5.5: IB19130163 in 05.54.07, and kernel 5.6: IB19130163 in 05.61.07 could lead to escalating privileges in SMM.

CVSS Details

Base Score
7.4
Exploitability
0.8
Impact
6.0
Vector string
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L
Attack Vector Local
Attack Complexity High
Privileges Required High
User Interaction None
Scope Changed
Confidentiality High
Integrity High
Availability Low

Threat Intelligence

EPSS Exploit Probability
4.5% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-822

Affected Products 5

Vendor   Product   Version   Range
insyde   kernel    *         ≥5.2 – <5.29.07
insyde   kernel    *         ≥5.3 – <5.38.07
insyde   kernel    *         ≥5.4 – <5.46.07
insyde   kernel    *         ≥5.5 – <5.54.07
insyde   kernel    *         ≥5.6 – <5.61.07

References 2

  • insyde.com https://www.insyde.com/security-pledge
    Vendor Advisory
  • insyde.com https://www.insyde.com/security-pledge/SA-2024001
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.