This vulnerability is presently awaiting analysis.
An contented was discovered successful SystemFirmwareManagementRuntimeDxe successful Insyde InsydeH2O with kernel 5.0 done 5.5. The implementation of the GetImage method retrieves the worth of a runtime adaptable named GetImageProgress, and aboriginal uses this worth arsenic a relation pointer. This adaptable is wiped retired by the aforesaid module adjacent the extremity of the function. By mounting this UEFI adaptable from the OS to constituent into customized code, an attacker could execute arbitrary codification execution successful the DXE phase, earlier respective chipset locks are set.
CVSS 3.x Severity and Metrics:
Base Score: N/A
NVD score not yet provided.
0 alteration records recovered show changes