CVE-2024-7344

Public Exploit

Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path.

Description

Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path.

Link	Tags
https://uefi.org/revocationlistfile	patch
https://uefi.org/specs/UEFI/2.10/32_Secure_Boot_and_Driver_Signing.html	related
https://uefi.org/specs/UEFI/2.10/03_Boot_Manager.html	related
https://www.eset.com/blog/enterprise/preparing-for-uefi-bootkits-eset-discovery-shows-the-importance-of-cyber-intelligence/	related
https://www.kb.cert.org/vuls/id/529659	third party advisory us government resource
https://www.welivesecurity.com/en/eset-research/under-cloak-uefi-secure-boot-introducing-cve-2024-7344/	exploit mitigation third party advisory

What is the severity of CVE-2024-7344?: CVE-2024-7344 has been scored as a high severity vulnerability.
How to fix CVE-2024-7344?: To fix CVE-2024-7344, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-7344 being actively exploited in the wild?: It is possible that CVE-2024-7344 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-7344?: CVE-2024-7344 affects Radix SmartRecovery, Greenware Technologies GreenGuard, Howyar Technologies SysReturn (32-bit and 64-bit), SANFONG SANFONG EZ-Back System, CES Taiwan CES NeoImpact, SignalComputer HDD King.