CVE-2022-24351

MEDIUM Year: 2022
CVSS v3 Score
4.7
Medium
Weakness Type
CWE-367
View all →

Vulnerability Description

TOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5.2 before version 05.27.29, Kernel 5.3 before version 05.36.29, Kernel 5.4 version before 05.44.13, and Kernel 5.5 before version 05.52.13 allows an attacker to alter data and code used by the remainder of the boot process.

Related Vulnerabilities

CVE-2013-4235

MEDIUM
CVSS:4.7(Medium)

shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

CWE-3672013

CVE-2015-7810

MEDIUM
CVSS:4.7(Medium)

libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files

CWE-3672015

CVE-2019-11482

MEDIUM
CVSS:4.7(Medium)

Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories.

CWE-3672019

CVE-2020-8793

MEDIUM
CVSS:4.7(Medium)

OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offli...

CWE-3672020

CVE-2020-8833

MEDIUM
CVSS:4.7(Medium)

Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protected_symlinks is disabled, this can...

CWE-3672020

CVE-2021-26350

MEDIUM
CVSS:4.7(Medium)

A TOCTOU race condition in SMU may allow for the caller to obtain and manipulate the address of a message port register which may result in a potential denial of service.

CWE-3672021