CVE-2024-25079

EPSS 0.11%
Published 15.05.2024 15:15:07
Last modified 04.08.2025 14:23:17
Source cve@mitre.org
Teams watchlist Login
Open Login

A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in SMM.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Insyde ≫ Insydeh2o Version >= 5.2 < 5.29.09

Insyde ≫ Insydeh2o Version >= 5.3 < 5.38.09

Insyde ≫ Insydeh2o Version >= 5.4 < 5.46.09

Insyde ≫ Insydeh2o Version >= 5.5 < 5.54.09

Insyde ≫ Insydeh2o Version >= 5.6 < 5.61.09

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.11%	0.304

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.4	0.8	6	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L

CWE-763 Release of Invalid Pointer or Reference

The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly.

https://www.insyde.com/security-pledge

Vendor Advisory

https://www.insyde.com/security-pledge/SA-2024001

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-25079

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-25079

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-25079

EUVD