CNNVD-202508-1346 Information
Aug 13, 2025
cve
CNNVD ID
CNNVD-202508-1346
Related CVE
- CNNVD Published: 2025-08-13
Description (Chinese)
InsydeH2O是中国系微(Insyde)公司的一款可定制固件代码库。 InsydeH2O存在安全漏洞,该漏洞源于可写入SMRAM任意内存并在SMM级别执行任意代码。
Description (English)
InsydeH2O is a custom-made hardware code repository for Insyde. There is a security gap in InsydeH2O, which stems from the fact that it can be written into any memory of SMRAM and enforces any code at the SMM level.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
系微
Published
2025-08-13
Last Modified
2026-02-24
References
https://www.insyde.com/security-pledge/sa-2025005/
Patch
https://www.insyde.com/security-pledge/sa-2025005/
Share on: