CVE-2024-55567

Published: Jun 12, 2025Modified: Aug 20, 2025

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.01, 5.6 before 05.62.01, and 5.7 before 05.71.01. The SMM module has an SMM call out vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.

Affected (4)

Products: Insyde: Insydeh2o

Insyde

1 product

Insydeh2o

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Insyde Insydeh2o	From 5.4 to 5.4.05.47.01
Insyde Insydeh2o	From 5.5 to 5.5.05.55.01
Insyde Insydeh2o	From 5.6 to 5.6.05.62.01
Insyde Insydeh2o	From 5.7 to 5.7.05.71.01

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (1)

https://www.insyde.com/security-pledge/sa-2024018/

Source: cve@mitre.org

Vendor Advisory

Timeline

No history available yet.