216.73.217.139

CVE-2024-55567

· Published 12/06/2025 17:15 · Modified 12/06/2025 17:15

Labels: CVE-2024-55567 2025-06-12CVE-2024-55567[email protected]

Essential information

Published
12/06/2025 17:15
Modified
12/06/2025 17:15
Author
Creator
CVSS
7.5 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVSS metrics

Description

Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.01, 5.6 before 05.62.01, and 5.7 before 05.71.01. The SMM module has an SMM call out vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
insyde / insydeh2o cpe:2.3:a:insyde:insydeh2o:<5.4:*:*:*:*:*:*:*
insyde / insydeh2o cpe:2.3:a:insyde:insydeh2o:<5.5:*:*:*:*:*:*:*
insyde / insydeh2o cpe:2.3:a:insyde:insydeh2o:<5.6:*:*:*:*:*:*:*
insyde / insydeh2o cpe:2.3:a:insyde:insydeh2o:<5.7:*:*:*:*:*:*:*

References