← Back

CVE-2024-25079

nvd nist
Published: May 15, 2024Modified: Aug 4, 2025

JSON object

Loading...
7.4
Vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L
Exploitability: 0.8 / Impact: 6.0
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in SMM.

Affected (5)

Products: Insyde: Insydeh2o
Insyde
1 product
Insydeh2o
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Insydeh2o
From 5.2 to 5.29.09
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Insydeh2o
From 5.3 to 5.38.09
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Insydeh2o
From 5.4 to 5.46.09
Configuration D
1 vulnerable
Vulnerable SoftwareAffected Versions
Insydeh2o
From 5.5 to 5.54.09
Configuration E
1 vulnerable
Vulnerable SoftwareAffected Versions
Insydeh2o
From 5.6 to 5.61.09

Related CWEs

CWE-763
Release of Invalid Pointer or Reference
The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly.

References (4)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.