Arbitrary Code Execution Vulnerability in AsfSecureBootDxe in Insyde InsydeH2O

Arbitrary Code Execution Vulnerability in AsfSecureBootDxe in Insyde InsydeH2O

CVE-2023-39281 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase.

Learn more about our Web Application Penetration Testing UK.