gsd-2022-24351
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
TOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5.2 before version 05.27.29, Kernel 5.3 before version 05.36.29, Kernel 5.4 version before 05.44.13, and Kernel 5.5 before version 05.52.13 allows an attacker to alter data and code used by the remainder of the boot process.
Aliases
Aliases
CVE-2022-24351


To clipboard 

{
  "GSD": {
    "alias": "CVE-2022-24351",
    "id": "GSD-2022-24351"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-24351"
      ],
      "details": "TOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5.2 before version 05.27.29, Kernel 5.3 before version 05.36.29, Kernel 5.4 version before 05.44.13, and Kernel 5.5 before version 05.52.13 allows an attacker to alter data and code used by the remainder of the boot process.",
      "id": "GSD-2022-24351",
      "modified": "2023-12-13T01:19:43.183082Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2022-24351",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "TOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5.2 before version 05.27.29, Kernel 5.3 before version 05.36.29, Kernel 5.4 version before 05.44.13, and Kernel 5.5 before version 05.52.13 allows an attacker to alter data and code used by the remainder of the boot process."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.insyde.com/security-pledge",
            "refsource": "MISC",
            "url": "https://www.insyde.com/security-pledge"
          },
          {
            "name": "https://www.insyde.com/security-pledge/SA-2023038",
            "refsource": "MISC",
            "url": "https://www.insyde.com/security-pledge/SA-2023038"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E4C00E9A-C160-417B-86DD-6ABAF29F2AD8",
                    "versionEndExcluding": "5.2.05.27.29",
                    "versionStartIncluding": "5.2",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "66A49101-C9A4-4992-8CD2-A87B53184A1B",
                    "versionEndExcluding": "5.3.05.36.29",
                    "versionStartIncluding": "5.3",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "77D9953D-F0BC-4117-A74F-347BE698307E",
                    "versionEndExcluding": "5.4.05.44.13",
                    "versionStartIncluding": "5.4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B0474D79-6C1C-4175-AF34-3DCF0E01E7FD",
                    "versionEndExcluding": "5.5.05.52.13",
                    "versionStartIncluding": "5.5",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "TOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5.2 before version 05.27.29, Kernel 5.3 before version 05.36.29, Kernel 5.4 version before 05.44.13, and Kernel 5.5 before version 05.52.13 allows an attacker to alter data and code used by the remainder of the boot process."
          },
          {
            "lang": "es",
            "value": "Vulnerabilidad de condici\u00f3n de ejecuci\u00f3n TOCTOU en Insyde InsydeH2O con Kernel 5.2 anterior a la versi\u00f3n 05.27.29, Kernel 5.3 anterior a la versi\u00f3n 05.36.29, Kernel 5.4 anterior a la versi\u00f3n 05.44.13 y Kernel 5.5 anterior a la versi\u00f3n 05.52.13 permite a un atacante alterar los datos y el c\u00f3digo utilizados por el resto del proceso de arranque."
          }
        ],
        "id": "CVE-2022-24351",
        "lastModified": "2023-12-20T17:33:09.887",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 1.0,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2023-12-16T02:15:07.183",
        "references": [
          {
            "source": "cve@mitre.org",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://www.insyde.com/security-pledge"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://www.insyde.com/security-pledge/SA-2023038"
          }
        ],
        "sourceIdentifier": "cve@mitre.org",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-367"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.