First published: Thu Aug 03 2023
An issue was discovered in InsydeH2O. A malicious operating system can tamper with a runtime-writable EFI variable, leading to out-of-bounds memory reads and a denial of service. This is fixed in version 01.01.04.0016.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Insyde Insydecrpkg | <01.01.04.0016 | |
The vulnerability ID for this issue with InsydeH2O is CVE-2023-25600.
The severity of CVE-2023-25600 is high with a CVSS score of 7.1.
The vulnerability in InsydeH2O occurs when a malicious operating system tampers with a runtime-writable EFI variable, causing out-of-bounds memory reads and a denial of service.
CVE-2023-25600 is fixed in version 01.01.04.0016 of InsydeH2O.
You can find more information about CVE-2023-25600 at the following links:

- [Insyde Security Pledge - SA-2023028](https://www.insyde.com/security-pledge/SA-2023028)
- [Insyde Security Pledge](https://www.insyde.com/security-pledge)