Insyde Security Advisory 2022029

Insyde ID Advisory Category Impact of Vulnerability Severity Rating Original Date Last Revised
INSYDE-SA-2022029 Software CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 7.5 09/21/2022 09/21/2022


SMM callout vulnerability in SMM driver (SMM arbitrary code execution) in InsydeH2O.

Vulnerability Details


This affects the FwBlockServiceSmm driver of InsydeH2O. This issue was discovered by the Binarly efiXplorer team. The issue is fixed in InsydeH2O, versions:

Kernel 5.0 (issue IB02961494 in version 05.09.37)
Kernel 5.1 (issue IB02961494 in version 05.17.37)
Kernel 5.2 (issue IB02961494 in version 05.27.30 or issue IB02961505 in version 05.27.37)
Kernel 5.3 (issue IB02961493 in version 05.36.30 or issue IB02961505 in version 05.36.37)
Kernel 5.4 (issue IB02961493 in version 05.44.30 or issue IB02961505 in version 05.44.37)
Kernel 5.5 (issue IB02961493 in version 05.52.30 or issue IB02961505 in version 05.52.37)


Insyde Software would like to thank Binarly for reporting this issue.

Revision History:

Revision Date Description
1.0 09/21/2022 Initial Release
- - -

Return to Insyde's Security Pledge