IEIT NF5280M6 UEFI firmware through 8.4 has a pool overflow vulnerability, caused by improper use of the gRT->GetVariable() function. Attackers with access to local NVRAM variables can exploit this by modifying these variables on SPI Flash, resulting in memory data being tampered with. When critical data in memory data is tampered with,a crash may occur.
Metrics
Affected Vendors & Products
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published: 2024-04-29T00:00:00
Updated: 2024-08-02T22:48:12.141Z
Reserved: 2023-12-26T00:00:00
Link: CVE-2023-52080

Updated: 2024-08-02T22:48:12.141Z

Status : Awaiting Analysis
Published: 2024-04-29T18:15:07.493
Modified: 2024-11-21T08:39:07.667
Link: CVE-2023-52080

No data.