Insyde's Security Pledge
Insyde Security Advisory 2022031
|Insyde ID||Advisory Category||Impact of Vulnerability||Severity Rating||Original Date||Last Revised|
SMM callout vulnerability in SMM driver (SMM arbitrary code execution) in InsydeH2O.
This affects the UsbLegacyControlSmm driver of InsydeH2O. This issue was discovered by the Binarly efiXplorer team. This issue is fixed in InsydeH2O, versions:
Kernel 5.0 (issue IB02040690 in version 05.09.38)
Kernel 5.1 (issue IB02040690 in version 05.17.38)
Kernel 5.2 (issue IB02040690 in version 05.27.28)
Kernel 5.3 (issue IB02040690 in version 05.36.28)
Kernel 5.4 (issue IB02040690 in version 05.44.28)
Kernel 5.5 (issue IB02040690 in version 05.52.28)
Insyde Software would like to thank Binarly for reporting this issue.