← Back

CVE-2022-24351

nvd nist
Published: Dec 16, 2023Modified: Nov 21, 2024

JSON object

Loading...
4.7
Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 1.0 / Impact: 3.6
Source: NVD

Description

TOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5.2 before version 05.27.29, Kernel 5.3 before version 05.36.29, Kernel 5.4 version before 05.44.13, and Kernel 5.5 before version 05.52.13 allows an attacker to alter data and code used by the remainder of the boot process.

Affected (4)

Products: Insyde: Insydeh2o
Insyde
1 product
Insydeh2o
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Insyde
Insydeh2o
From 5.2 to 5.2.05.27.29
Insydeh2o
From 5.3 to 5.3.05.36.29
Insydeh2o
From 5.4 to 5.4.05.44.13
Insydeh2o
From 5.5 to 5.5.05.52.13

Related CWEs

CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.

References (4)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.