CVE-2024-25079
First published: Wed May 15 2024(Updated: )
A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in SMM.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Insyde H2O | <05.29.09<05.38.09<05.46.09<05.54.09<05.61.09 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-25079?
CVE-2024-25079 is identified as a critical memory corruption vulnerability that can lead to privilege escalation.
How do I fix CVE-2024-25079?
To fix CVE-2024-25079, upgrade your Insyde InsydeH2O firmware to a version after the affected releases.
Which versions of InsydeH2O are vulnerable to CVE-2024-25079?
CVE-2024-25079 affects Insyde InsydeH2O kernel versions prior to 05.29.09, 05.38.09, 05.46.09, 05.54.09, and 05.61.09.
What type of vulnerability is CVE-2024-25079?
CVE-2024-25079 is classified as a memory corruption vulnerability.
Can CVE-2024-25079 be exploited remotely?
The details on remote exploitation are not specified, but it can lead to local privilege escalation in SMM.
- agent/type
- agent/references
- agent/description
- agent/author
- agent/first-publish-date
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/event
- collector/nvd-api
- source/NVD
- agent/weakness
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/insyde
- canonical/insyde h2o