Insyde InsydeH2O 5.x Firmware Vulnerability: Unchecked Buffer Address in FwBlockServiceSmm

CVE-2021-33627 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

An issue was discovered in Insyde InsydeH2O 5.x, affecting FwBlockServiceSmm. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses.
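
The kind of address check the description says is missing, as an added example (not Insyde's code or the vendor's fix): an SMI handler validates the caller-supplied buffer before dereferencing it. The memory ranges, type names and `check_comm_buffer` are constructed assumptions for illustration.

```c
#include <stdint.h>

typedef struct { uint64_t base, len; } range_t;

/* Constructed sample layout (assumption): real firmware takes these ranges
   from the platform's SMRAM descriptors and its reserved-memory map. */
static const range_t SMRAM    = { 0x7F000000ULL, 0x01000000ULL };
static const range_t COMM_BUF = { 0x7E000000ULL, 0x00010000ULL };

typedef enum {
    BUF_OK, BUF_BAD_LEN, BUF_WRAPS, BUF_IN_SMRAM, BUF_NOT_COMM
} buf_status;

/* Hypothetical helper: classify a caller-supplied communication buffer
   before an SMI handler reads from or writes to it. */
buf_status check_comm_buffer(uint64_t addr, uint64_t len)
{
    if (len == 0)
        return BUF_BAD_LEN;

    /* Reject addr + len wrapping past 2^64 before doing any range math. */
    if (addr > UINT64_MAX - (len - 1))
        return BUF_WRAPS;
    uint64_t last = addr + (len - 1);

    /* Any overlap with SMRAM is rejected, including a buffer that starts
       below SMRAM and straddles its base. */
    uint64_t smram_last = SMRAM.base + (SMRAM.len - 1);
    if (addr <= smram_last && last >= SMRAM.base)
        return BUF_IN_SMRAM;

    /* Allowlist: the whole buffer must lie inside the reserved
       communication region, which excludes MMIO and OS kernel memory. */
    uint64_t comm_last = COMM_BUF.base + (COMM_BUF.len - 1);
    if (addr < COMM_BUF.base || last > comm_last)
        return BUF_NOT_COMM;

    return BUF_OK;
}
```

The allowlist step is what covers the MMIO and OS kernel cases named in the description; checking only for overlap with SMRAM would leave both reachable.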
