CNNVD-202507-3758 Information

CNNVD ID

CNNVD-202507-3758

Related CVE

CVE-2025-4424

• CNNVD Published: 2025-07-30

Description (Chinese)

InsydeH2O是中国系微（Insyde）公司的一款可定制固件代码库。 InsydeH2O存在安全漏洞，该漏洞源于在SMI处理程序中任意调用带有未消毒参数的SmmSetVariable。

Description (English)

InsydeH2O is a custom-made hardware code repository for Insyde. InsydeH2O had a security loophole, which stemmed from the arbitrary use of SmmSetVariable with unsterilized parameters in the SMI process.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

系微

Published

2025-07-30

Last Modified

2026-02-24

References

https://support.lenovo.com/us/en/product_security/home https://www.insyde.com/security-pledge/sa-2025007/

Patch

https://www.insyde.com/security-pledge/sa-2025007/