Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT (EFI_RUNTIME_SERVICES) pointer to call a GetVariable service, which is located outside of SMRAM. This can result in code execution in SMM (escalating privilege from ring 0 to ring -2).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Insyde InsydeH2O 安全漏洞
Vulnerability Description
Insyde InsydeH2O是中国台湾系微(Insyde)公司的一个 C 语言源,它实现了新技术“EFI/UEFI”规范,旨在取代传统的 BIOS(基本输入/输出系统)。 Insyde InsydeH2O Hardware-2-Operating System (H2O) UEFI固件存在安全漏洞,该漏洞源于位于 SWSMI 处理程序中的 InsydeH2O UEFI 固件代码的系统管理中断 (SWSMI) 处理程序取消引用 gRT (EFI_RUNTIME_SERVICES) 指针以调用位于 SMR
CVSS Information
N/A
Vulnerability Type
N/A