Insyde's Security Pledge
Recent Security Advisories
INSYDE-SA-2025009
Product
CVSS Score
Original Date
Last Revised
InsydeH2O
8.2
2025-12-09
Summary
H19Int15CallbackSmm: SMM memory corruption vulnerability in combined DXE/SMM (SMRAM write)
Vulnerability Details
CVSS Vector: CVSS3.1:AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Unchecked output buffer may allowed arbitrary code extcution in SMM and potentially result in SMM memory corruption.
CWE-787: Out-of-bounds Write
Solution Information
Solution patch IB05690966 for HP feature version before 20C1, which applies to following platforms:
Intel: Ice Lake, Kaby Lake
AMD: Picasso
Acknowledgements
Revision History
Revision #
Date
Description
1
2025-12-09
Initial Release