CVE-2022-24351
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
16/12/2023
Last modified:
20/12/2023
Description
TOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5.2 before version 05.27.29, Kernel 5.3 before version 05.36.29, Kernel 5.4 version before 05.44.13, and Kernel 5.5 before version 05.52.13 allows an attacker to alter data and code used by the remainder of the boot process.
Impact
Base Score 3.x
4.70
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:* | 5.2 (including) | 5.2.05.27.29 (excluding) |
| cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:* | 5.3 (including) | 5.3.05.36.29 (excluding) |
| cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:* | 5.4 (including) | 5.4.05.44.13 (excluding) |
| cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:* | 5.5 (including) | 5.5.05.52.13 (excluding) |
To consult the complete list of CPE names with products and versions, see this page



