CVE-2025-4276

Summary

UsbCoreDxe has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.

Affected Software

VendorProductVersion RangeStatus
Insyde SoftwareInsydeH2OKernel 5.3 < 05.39.18affected
Insyde SoftwareInsydeH2OKernel 5.4 < 05.47.18affected
Insyde SoftwareInsydeH2OKernel 5.5 < 05.55.18affected
Insyde SoftwareInsydeH2OKernel 5.6 < 05.62.18affected
Insyde SoftwareInsydeH2OKernel 5.7 < 05.71.18affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References