PT-2022-10273 · Insyde · InsydeH2O

Published: 2022-02-03 · Updated: 2022-04-12 · CVE-2021-33625

CVSS v3.1: 7.5 (High)

Vector: AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Insyde InsydeH2O Kernel 5.x

Description

An issue was discovered in Insyde InsydeH2O, affecting HddPassword, where software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not validate the buffer address, allowing the use of SMRAM, MMIO, or OS kernel addresses.

Recommendations

For Insyde InsydeH2O Kernel 5.x, as a temporary workaround, consider restricting the use of the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
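
The missing check named in the description, sketched as an added example (not Insyde's code and not taken from this advisory): an SMI handler accepts a caller-supplied communicate buffer only if the whole range sits inside a reserved communication region, never touches SMRAM, and does not wrap. It is modelled on the kind of test EDK II's SmmMemLib function SmmIsBufferOutsideSmmValid() performs; the address ranges and every function name below are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed sample layout; real firmware obtains these from the platform. */
typedef struct { uint64_t base; uint64_t size; } range_t;

static const range_t smram_ranges[] = {    /* assumed SMRAM (TSEG) window */
    { 0x7F000000ULL, 0x01000000ULL },
};
static const range_t allowed_ranges[] = {  /* assumed reserved comm-buffer region */
    { 0x7E000000ULL, 0x00100000ULL },
};

/* Both helpers rely on the caller having ruled out a + alen wrapping. */
static bool overlaps(uint64_t a, uint64_t alen, const range_t *r)
{
    return a < r->base + r->size && r->base < a + alen;
}

static bool contained(uint64_t a, uint64_t alen, const range_t *r)
{
    return a >= r->base && a + alen <= r->base + r->size;
}

/* True only if [addr, addr + len) is safe for an SMI handler to read or write. */
bool comm_buffer_is_valid(uint64_t addr, uint64_t len)
{
    if (len == 0 || addr > UINT64_MAX - len)   /* empty, or wraps past 2^64 */
        return false;
    for (size_t i = 0; i < sizeof smram_ranges / sizeof smram_ranges[0]; i++)
        if (overlaps(addr, len, &smram_ranges[i]))
            return false;                      /* any byte inside SMRAM: reject */
    for (size_t i = 0; i < sizeof allowed_ranges / sizeof allowed_ranges[0]; i++)
        if (contained(addr, len, &allowed_ranges[i]))
            return true;                       /* fully inside the reserved region */
    return false;                              /* MMIO, OS kernel memory, anything else */
}

int main(void)
{
    /* One accepted buffer and one SMRAM pointer, as a stand-alone smoke check. */
    return comm_buffer_is_valid(0x7E000000ULL, 0x1000) &&
           !comm_buffer_is_valid(0x7F000100ULL, 0x10) ? 0 : 1;
}
```

The default-deny final return is what covers the MMIO and OS kernel cases; the explicit SMRAM loop is kept as a second barrier in case the allowed region is ever misconfigured.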

Buffer Overflow


Weakness Enumeration

Related Identifiers

CVE-2021-33625

Affected Products

InsydeH2O