An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. UEFI implementations do not correctly protect and validate information contained in the 'MeSetup' UEFI variable. On some systems, this variable can be overwritten using operating system APIs. Exploitation of this vulnerability could potentially lead to denial of service for the platform.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.insyde.com/security-pledge/SA-2023036 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2023-08-18T00:00:00
Updated: 2024-08-02T12:09:43.512Z
Reserved: 2023-03-01T00:00:00
Link: CVE-2023-27471
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-08-18T19:15:12.243
Modified: 2023-08-24T16:14:42.057
Link: CVE-2023-27471
Redhat
No data.