CNNVD-202508-1345 Information

CNNVD ID

CNNVD-202508-1345

Related CVE

CVE-2025-4276

• CNNVD Published: 2025-08-13

Description (Chinese)

Insyde InsydeH2O是中国系微（Insyde）公司的一个新的 EFI/UEFI 规范。旨在取代传统的 BIOS（基本输入/输出系统）。 Insyde InsydeH2O存在安全漏洞，该漏洞源于可写入SMRAM任意内存并在SMM级别执行任意代码。

Description (English)

Insyde InsydeH2O is a new EFI/UEFI norm for Insyde. It is intended to replace the traditional BIOS (basic input/output system). There is a security loophole in Insyde InsydeH2O, which stems from the fact that it can be written into any memory of SMRAM and enforces any code at the SMM level.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

系微

Published

2025-08-13

Last Modified

2026-02-24

References

https://www.insyde.com/security-pledge/sa-2025005/

Patch

https://www.insyde.com/security-pledge/sa-2025005/