CVE-2025-4277

Summary

Tcg2Smm has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.

Affected Software

VendorProductVersion RangeStatus
Insyde SoftwareInsydeH2OKernel 5.2 < 05.2A.21affected
Insyde SoftwareInsydeH2OKernel 5.3 < 05.39.21affected
Insyde SoftwareInsydeH2OKernel 5.4 < 05.47.21affected
Insyde SoftwareInsydeH2OKernel 5.5 < 05.55.21affected
Insyde SoftwareInsydeH2OKernel 5.6 < 05.62.21affected
Insyde SoftwareInsydeH2OKernel 5.7 < 05.71.21affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References