Insyde Tcg2Smm Arbitrary Memory Write and Code Execution Vulnerability in SMM

Vulnerability

A vulnerability exists in the Tcg2Smm module of InsydeH2O firmware, allowing for arbitrary memory writes within SMRAM. This vulnerability can be exploited to execute arbitrary code at the SMM level. It arises from improper input validation.

Impact

Exploitation of this vulnerability could lead to unauthorized memory modifications and execution of arbitrary code with SMM privileges, potentially allowing for low-level system manipulation or control.

Remediation

Users can upgrade to InsydeH2O version 05.2A.21, 05.39.21, 05.47.21, 05.55.21, 05.62.21 or 05.71.21 to address this vulnerability.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 7.5
exploitability: 2.8
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.