An issue exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. An SMM callout vulnerability in the SMM driver FwBlockServiceSmm, creating SMM, leads to arbitrary code execution. An attacker can replace the pointer to the UEFI boot service GetVariable with a pointer to malware, and then generate a software SMI.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
insyde insydeh2o |