An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. UEFI implementations do not correctly protect and validate information contained in the 'MeSetup' UEFI variable. On some systems, this variable can be overwritten using operating system APIs. Exploitation of this vulnerability could potentially lead to denial of service for the platform.
References
Link | Resource |
---|---|
https://www.insyde.com/security-pledge/SA-2023036 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-08-18T00:00:00
Updated: 2023-08-18T18:07:57.390587
Reserved: 2023-03-01T00:00:00
Link: CVE-2023-27471
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-08-18T19:15:12.243
Modified: 2023-08-24T16:14:42.057
Link: CVE-2023-27471
JSON object: View
Redhat Information
No data.
CWE