Header bannerHeader banner
Advisory ID:
BRLY-2023-021

[BRLY-LOGOFAIL-2023-021] Out-of-bounds Read in DXE driver

June 19, 2024
Severity:
Medium
CVSS Score
6
Public Disclosure Date:
August 1, 2023
CVE ID:

Summary

Binarly REsearch Team has discovered a OOB Read vulnerability in DXE driver. Improper validation on JPEG marker length leads to multiple OOB Read operations during JPEG file processing in AMI firmware
Vendors Affected Icon

Vendors Affected

Multiple
Affected Products icon

Affected Products

Multiple

Potential Impact

By modifying the physical memory from runtime, an attacker can trigger a division by 0 due to a UINT32 overflow. This vulnerability is exploitable on both client and server platforms where S3 sleep is activated.

Tags
Vulnerability
supply chain
FWHunt
See if you are impacted now with our Firmware Vulnerability Scanner