Description
TOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5.2 before version 05.27.29, Kernel 5.3 before version 05.36.29, Kernel 5.4 version before 05.44.13, and Kernel 5.5 before version 05.52.13 allows an attacker to alter data and code used by the remainder of the boot process.
References (2)
Core 2
Core References
Vendor Advisory
https://www.insyde.com/security-pledge
Vendor Advisory
https://www.insyde.com/security-pledge/SA-2023038
Scores
CVSS v3
4.7
EPSS
0.0014
EPSS Percentile
3.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-367
Status
published
Products (1)
insyde/insydeh2o
5.2 - 5.2.05.27.29
Published
Dec 16, 2023
Tracked Since
Feb 18, 2026