CVE-2024-25078
Severity: HIGH · EPSS: 4.5%
CVSS 3.1 score: 7.4
Published: May 15, 2024
Last Modified: Jun 17, 2026
Description
A memory corruption vulnerability in StorageSecurityCommandDxe in Insyde InsydeH2O before kernel 5.2: IB19130163 in 05.29.07, kernel 5.3: IB19130163 in 05.38.07, kernel 5.4: IB19130163 in 05.46.07, kernel 5.5: IB19130163 in 05.54.07, and kernel 5.6: IB19130163 in 05.61.07 could lead to escalating privileges in SMM.
CVSS Details
Vector string CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L
Attack Vector Local
Attack Complexity High
Privileges Required High
User Interaction None
Scope Changed
Confidentiality High
Integrity High
Availability Low
Threat Intelligence
EPSS Exploit Probability
4.5% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-822
Affected Products 5
References 2
- insyde.com https://www.insyde.com/security-pledge
- insyde.com https://www.insyde.com/security-pledge/SA-2024001
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.