Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-24351

TOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5.2 before version 05.27.29, Kernel 5.3 before version 05.36.29, Kernel 5.4 version before 05.44.13, and Kernel 5.5 before version 05.52.13 allows an attacker to alter data and code used by the remainder of the boot process.

Published

2023-12-16T02:15:07.183

Last Modified

2024-11-21T06:50:13.907

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.7 (MEDIUM)

Weaknesses

Type: Primary
CWE-367

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	insyde	insydeh2o	< 5.2.05.27.29	Yes
Application	insyde	insydeh2o	< 5.3.05.36.29	Yes
Application	insyde	insydeh2o	< 5.4.05.44.13	Yes
Application	insyde	insydeh2o	< 5.5.05.52.13	Yes

References

https://www.insyde.com/security-pledge Vendor Advisory ([email protected])
https://www.insyde.com/security-pledge/SA-2023038 Vendor Advisory ([email protected])
https://www.insyde.com/security-pledge Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.insyde.com/security-pledge/SA-2023038 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)