PT-2022-11495 · Insyde · Insydeh2O

Name of the Vulnerable Software and Affected Versions: Insyde InsydeH2O kernel versions 5.0 through 5.5 Description: An issue was discovered in NvmExpressDxe due to an Untrusted Pointer Dereference, causing SMM memory corruption. This allows an attacker to write fixed or predictable data to SMRAM...

Insyde InsydeH2O 缓冲区错误漏洞

Insyde InsydeH2O is a C source from Insyde Software Taiwan, China that implements the new technology "EFI/UEFI" specification, designed to replace the legacy BIOS Basic Input/Output System. Operating System H2O UEFI firmware has a security vulnerability that stems from a handler that does not...