[BRLY-LOGOFAIL-2023-021] Out-of-bounds Read in DXE driver
June 19, 2024
Severity:
Medium
CVSS Score
6
Public Disclosure Date:
August 1, 2023
CVE ID:
Summary
Binarly REsearch Team has discovered a OOB Read vulnerability in DXE driver. Improper validation on JPEG marker length leads to multiple OOB Read operations during JPEG file processing in AMI firmware
By modifying the physical memory from runtime, an attacker can trigger a division by 0 due to a UINT32 overflow. This vulnerability is exploitable on both client and server platforms where S3 sleep is activated.
Tags
Vulnerability
supply chain
Related Advisories
No items found.
FWHunt
See if you are impacted now with our Firmware Vulnerability Scanner