CNNVD-202601-2524 Information

CNNVD ID

CNNVD-202601-2524

Related CVE

CVE-2025-12050

• CNNVD Published: 2026-01-14

Description (Chinese)

Insyde InsydeH2O是中国系微（Insyde）公司的一个新的 EFI/UEFI 规范。旨在取代传统的 BIOS（基本输入/输出系统）。 Insyde InsydeH2O存在安全漏洞，该漏洞源于使用RTL_QUERY_REGISTRY_DIRECT标志读取注册表值时，不可信的用户模式应用程序可能导致缓冲区溢出。

Description (English)

Insyde InsydeH2O is a new EFI/UEFI norm for Insyde. It is intended to replace the traditional BIOS (basic input/output system). There is a security loophole in Insyde InsydeH2O, which results from the use of the RTL QUERY REGISTRY DIRECT sign to read the registration form values, which could result in an untrustworthy user mode application spilling over the buffer zone.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

系微

Published

2026-01-14

Last Modified

2026-02-24

References

https://www.insyde.com/security-pledge/sa-2025010/