Insyde's Security Pledge

UsbCoreDxe: Improper input validation may cause arbitrary code execution.

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2024-55567

The SMM module has an SMM call out vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.

kernel 5.2, Not affected.
kernel 5.3, Not affected.
kernel 5.4, Version 05.47.01
kernel 5.5, Version 05.55.01
kernel 5.6, Version 05.62.01
kernel 5.7, Version 05.71.01