Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2024-49200

An issue was discovered in AcpiS3SaveDxe and ChipsetSvcDxe in Insyde InsydeH2O with kernel 5.2 though 5.7. A potential DXE memory corruption vulnerability has been identified. The root cause is use of a pointer originating from the value of an NVRAM variable as the target of a write operation. This can be leveraged by an attacker to perform arbitrary writes, potentially leading to arbitrary code execution. The issue has been fixed in kernel 5.2, Version 05.29.44; kernel 5.3, Version 05.38.44; kernel 5.4, Version 05.46.44; kernel 5.5, Version 05.54.44; kernel 5.6, Version 05.61.44; and kernel 5.7, Version 05.70.44.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 6.0%
CVSS Severity
CVSS v3 Score 6.4
Products affected by CVE-2024-49200
  • Insyde » Kernel » Version: 5.2
    cpe:2.3:o:insyde:kernel:5.2
  • Insyde » Kernel » Version: 5.3
    cpe:2.3:o:insyde:kernel:5.3
  • Insyde » Kernel » Version: 5.4
    cpe:2.3:o:insyde:kernel:5.4
  • Insyde » Kernel » Version: 5.5
    cpe:2.3:o:insyde:kernel:5.5
  • Insyde » Kernel » Version: 5.6
    cpe:2.3:o:insyde:kernel:5.6
  • Insyde » Kernel » Version: 5.7
    cpe:2.3:o:insyde:kernel:5.7


Products
Pricing
Contact Us

Shodan ® - All rights reserved