Lucene search

[email protected]NVD:CVE-2022-24351

HistoryDec 16, 2023 - 2:15 a.m.

CVE-2022-24351

2023-12-1602:15:07

CWE-367

[email protected]

web.nvd.nist.gov

insydeh2o

race-condition

vulnerability

kernel

data alteration

CVSS3

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

Percentile

9.0%

JSON

TOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5.2 before version 05.27.29, Kernel 5.3 before version 05.36.29, Kernel 5.4 version before 05.44.13, and Kernel 5.5 before version 05.52.13 allows an attacker to alter data and code used by the remainder of the boot process.

Affected configurations

Nvd

Node

insydeinsydeh2oRange5.2–5.2.05.27.29

insydeinsydeh2oRange5.3–5.3.05.36.29

insydeinsydeh2oRange5.4–5.4.05.44.13

insydeinsydeh2oRange5.5–5.5.05.52.13

VendorProductVersionCPE
insydeinsydeh2o*cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
insyde	insydeh2o	*	cpe:2.3:a:insyde:insydeh2o::::::::

References

www.insyde.com/security-pledge

www.insyde.com/security-pledge/SA-2023038

CVSS3

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

Percentile

9.0%

JSON

Related for NVD:CVE-2022-24351

cve1 prion1 cnvd1 cvelist1 ics1