CVE-2021-43323

Name of the Vulnerable Software and Affected Versions Insyde InsydeH2O with kernel 5.5 before 05.51.45 Insyde InsydeH2O with kernel 5.4 before 05.43.45 Insyde InsydeH2O with kernel 5.3 before 05.35.45 Insyde InsydeH2O with kernel 5.2 before 05.26.45 Insyde InsydeH2O with kernel 5.1 before 05.16.45 Insyde InsydeH2O with kernel 5.0 before 05.08.45

Description An issue was discovered in UsbCoreDxe that allows an attacker to hijack execution flow of code running in System Management Mode. This could lead to escalating privileges to SMM.

Recommendations For Insyde InsydeH2O with kernel 5.5 before 05.51.45, update to a version after 05.51.45. For Insyde InsydeH2O with kernel 5.4 before 05.43.45, update to a version after 05.43.45. For Insyde InsydeH2O with kernel 5.3 before 05.35.45, update to a version after 05.35.45. For Insyde InsydeH2O with kernel 5.2 before 05.26.45, update to a version after 05.26.45. For Insyde InsydeH2O with kernel 5.1 before 05.16.45, update to a version after 05.16.45. For Insyde InsydeH2O with kernel 5.0 before 05.08.45, update to a version after 05.08.45.