4 matches found
CVE-2025-4424
The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability. https://support.lenovo.com/us/en/productsecurity/home...
CVE-2025-4424
The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability. https://support.lenovo.com/us/en/productsecurity/home...
CVE-2025-4424 SetupAutomationSmm : Arbitrary calls to SmmSetVariable with unsanitised arguments in SMI handler
The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability. https://support.lenovo.com/us/en/productsecurity/home...
CVE-2025-4424
CVE-2025-4424 affects InsydeH2O firmware (Lenovo context) with an arbitrary call to SmmSetVariable using unsanitized parameters in an SMI handler. Root cause: unsafeguarded SMM variable writes allow modification of firmware state from a local attacker with high privileges. Impact: integrity impac...