Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-27471

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. UEFI implementations do not correctly protect and validate information contained in the 'MeSetup' UEFI variable. On some systems, this variable can be overwritten using operating system APIs. Exploitation of this vulnerability could potentially lead to denial of service for the platform.

Published

2023-08-18T19:15:12.243

Last Modified

2024-11-21T07:52:58.327

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	insyde	insydeh2o	5.0	Yes
Application	insyde	insydeh2o	5.1	Yes
Application	insyde	insydeh2o	5.2	Yes
Application	insyde	insydeh2o	5.3	Yes
Application	insyde	insydeh2o	5.4	Yes
Application	insyde	insydeh2o	5.5	Yes

References

https://www.insyde.com/security-pledge/SA-2023036 Vendor Advisory ([email protected])
https://www.insyde.com/security-pledge/SA-2023036 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)