CVE-2022-24351
PUBLISHED
A vulnerability exists in Insyde UEFI firmware. Through SPI injection, it is possible to modify the FDM contents after they have been verified. This TOCTOU attack could be used to alter data and code that are used later in the boot process.
Risk Scores
EPSS Score: 0.03% (9.6th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Insyde | Insyde UEFI Firmware | |
| Lenovo | Lenovo BIOS | |
| Dell | Dell BIOS | |
| Dell | Dell Computer | |
| Lenovo | Lenovo Computer | |
Timeline
- May 9, 2023 PoC Published
- May 10, 2023 PoC Published
- May 10, 2023 PoC Published
- May 16, 2023 PoC Published
- May 17, 2023 PoC Published
- Aug 8, 2023 CVE Published
- Dec 3, 2023 CVE Updated
- Dec 16, 2023 EPSS Score
- Jan 14, 2024 EPSS Score
- Jan 16, 2024 PoC Published
- Feb 12, 2024 EPSS Score
- Mar 12, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2021.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2021 advisory
- https://www.dell.com/support/kbdoc/de-de/000217232/dsa-2023-324-security-update-for-an-dell-client-platform-insyde-uefi-bios-vulnerability advisory
- https://support.lenovo.com/us/en/product_security/LEN-134879 advisory
- https://www.insyde.com/security-pledge/SA-2023047 advisory
- https://www.insyde.com/security-pledge/SA-2023036 advisory
- https://www.insyde.com/security-pledge/SA-2023038 advisory