Insyde InsydeH2O is a C code base from Insyde Software (Taiwan, China) that implements the EFI/UEFI specification, the technology designed to replace the legacy BIOS (Basic Input/Output System). InsydeH2O has a memory corruption vulnerability: certain SMM drivers in the kernel do not properly validate the CommBuffer and CommBufferSize parameters, so calls to them can corrupt firmware or OS memory. This can be exploited to cause a denial of service by corrupting the system.
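The following is an added example, not Insyde's code: a small C model of the CommBuffer and CommBufferSize validation an SMI handler needs, with the unchecked pattern next to the checked one. The memory layout, message struct, status codes and function names are all assumptions made for the model; in EDK II based firmware the range check is normally done with SmmIsBufferOutsideSmmValid() from SmmMemLib.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed model: 16 KiB of "physical memory"; the top 4 KiB is SMRAM. */
#define MEM_SIZE   0x4000u
#define SMRAM_BASE 0x3000u
#define SMRAM_SIZE 0x1000u
static uint8_t phys[MEM_SIZE];

typedef struct { uint32_t command; uint32_t status; } comm_msg_t; /* hypothetical */
enum { SMI_OK = 0, SMI_BAD_SIZE = 1, SMI_BAD_BUFFER = 2 };

/* Returns 1 if [addr, addr+len) lies inside modelled memory and does not
   overlap SMRAM. Stands in for EDK II's SmmIsBufferOutsideSmmValid(). */
int buffer_outside_smram_valid(uint64_t addr, uint64_t len)
{
    if (len == 0 || len > MEM_SIZE || addr > MEM_SIZE - len)
        return 0;                       /* bounds check that cannot wrap */
    if (addr < (uint64_t)SMRAM_BASE + SMRAM_SIZE && addr + len > SMRAM_BASE)
        return 0;                       /* range overlaps SMRAM */
    return 1;
}

/* Flawed pattern: the caller-supplied address and size are trusted. */
int smi_handler_unchecked(uint64_t comm_buffer, uint64_t comm_size)
{
    comm_msg_t reply = { 0, 0xA5A5A5A5u };
    (void)comm_size;                    /* size is never looked at */
    memcpy(&phys[comm_buffer], &reply, sizeof reply); /* may land in SMRAM */
    return SMI_OK;
}

/* Hardened pattern: check size, then range, before touching the buffer. */
int smi_handler_checked(uint64_t comm_buffer, uint64_t comm_size)
{
    comm_msg_t msg;
    if (comm_size < sizeof msg)
        return SMI_BAD_SIZE;
    if (!buffer_outside_smram_valid(comm_buffer, comm_size))
        return SMI_BAD_BUFFER;
    memcpy(&msg, &phys[comm_buffer], sizeof msg); /* work on a local copy */
    msg.status = 0xA5A5A5A5u;
    memcpy(&phys[comm_buffer], &msg, sizeof msg);
    return SMI_OK;
}
```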