CVE-2024-49200


An issue was discovered in AcpiS3SaveDxe and ChipsetSvcDxe in Insyde InsydeH2O with kernel 5.2 through 5.7. A potential DXE memory corruption vulnerability has been identified. The root cause is use of a pointer originating from the value of an NVRAM variable as the target of a write operation. This can be leveraged by an attacker to perform arbitrary writes, potentially leading to arbitrary code execution. The issue has been fixed in kernel 5.2, Version 05.29.44; kernel 5.3, Version 05.38.44; kernel 5.4, Version 05.46.44; kernel 5.5, Version 05.54.44; kernel 5.6, Version 05.61.44; and kernel 5.7, Version 05.70.44.


Published

2025-04-15T22:15:15.467

Last Modified

2025-04-30T16:41:11.493

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.4 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-787

Affected Vendors & Products
Type              Vendor  Product  Version/Range  Vulnerable?
Operating System  insyde  kernel   5.2            Yes
Operating System  insyde  kernel   5.3            Yes
Operating System  insyde  kernel   5.4            Yes
Operating System  insyde  kernel   5.5            Yes
Operating System  insyde  kernel   5.6            Yes
Operating System  insyde  kernel   5.7            Yes

References