CVE-2024-25079

A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in SMM.

CVSS

No CVSS.

References

Link	Resource
https://www.insyde.com/security-pledge	Vendor Advisory
https://www.insyde.com/security-pledge	Vendor Advisory
https://www.insyde.com/security-pledge/SA-2024001	Vendor Advisory
https://www.insyde.com/security-pledge/SA-2024001	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*

History

04 Aug 2025, 14:23

Type	Values Removed	Values Added
References	~~() https://www.insyde.com/security-pledge -~~	() https://www.insyde.com/security-pledge - Vendor Advisory
References	~~() https://www.insyde.com/security-pledge/SA-2024001 -~~	() https://www.insyde.com/security-pledge/SA-2024001 - Vendor Advisory
CPE		cpe:2.3:a:insyde:insydeh2o::::::::
First Time		Insyde insydeh2o Insyde

15 May 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-15 15:15

Updated : 2025-08-04 14:23

NVD link : CVE-2024-25079

Mitre link : CVE-2024-25079

JSON object : View

Products Affected

insyde

insydeh2o

CWE

No CWE.

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.insyde.com/security-pledge", "name": "https://www.insyde.com/security-pledge", "tags": ["Vendor Advisory"], "refsource": ""}, {"url": "https://www.insyde.com/security-pledge", "name": "https://www.insyde.com/security-pledge", "tags": ["Vendor Advisory"], "refsource": ""}, {"url": "https://www.insyde.com/security-pledge/SA-2024001", "name": "https://www.insyde.com/security-pledge/SA-2024001", "tags": ["Vendor Advisory"], "refsource": ""}, {"url": "https://www.insyde.com/security-pledge/SA-2024001", "name": "https://www.insyde.com/security-pledge/SA-2024001", "tags": ["Vendor Advisory"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in SMM."}]}, "problemtype": {"problemtype_data": [{"description": []}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-25079", "ASSIGNER": "cve@mitre.org"}}, "impact": {}, "publishedDate": "2024-05-15T15:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.29.09", "versionStartIncluding": "5.2"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.38.09", "versionStartIncluding": "5.3"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.46.09", "versionStartIncluding": "5.4"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.54.09", "versionStartIncluding": "5.5"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.61.09", "versionStartIncluding": "5.6"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-08-04T14:23Z"}