CVE-2024-55567 HIGH

CVE-2024-55567

Vendor N/A
Product n/a
Published June 12, 2025
Last update June 17, 2025

CVSS base score

7.5/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AC:H/AV:L/A:H/C:H/I:H/PR:H/S:C/UI:N

What the vulnerability does

01Description

Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.01, 5.6 before 05.62.01, and 5.7 before 05.71.01. The SMM module has an SMM call out vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.

Key dates

02Disclosure timeline

June 12, 2025 CVE published
June 17, 2025 Record updated