Insyde InsydeH2O code issue vulnerability

Insyde InsydeH2O is a C source from Insyde Software (Taiwan, China) that implements the new technology “EFI/UEFI” specification, designed to replace the legacy BIOS (Basic Input/Output System). Operating System (H2O) UEFI firmware has a security vulnerability that stems from a handler that does not adequately check or validate the assigned table variable EFI_BOOT_SERVICES, which could be exploited to execute arbitrary code.