CVE-2024-55567

Name of the Vulnerable Software and Affected Versions Insyde InsydeH2O kernel versions 5.4 through 05.46.01 Insyde InsydeH2O kernel versions 5.5 through 05.54.01 Insyde InsydeH2O kernel versions 5.6 through 05.61.01 Insyde InsydeH2O kernel versions 5.7 through 05.70.01

Description Improper input validation was discovered in UsbCoreDxe, which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level. The SMM module has an SMM call out vulnerability.

Recommendations For Insyde InsydeH2O kernel versions 5.4 through 05.46.01, update to version 05.47.01 or later. For Insyde InsydeH2O kernel versions 5.5 through 05.54.01, update to version 05.55.01 or later. For Insyde InsydeH2O kernel versions 5.6 through 05.61.01, update to version 05.62.01 or later. For Insyde InsydeH2O kernel versions 5.7 through 05.70.01, update to version 05.71.01 or later.