Home

Description

UsbCoreDxe has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.

PUBLISHED Reserved 2025-05-05 | Published 2025-08-13 | Updated 2025-08-14 | Assigner Insyde




HIGH: 7.5CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-20 Improper Input Validation

Product status

Default status
unknown

Kernel 5.3 before 05.39.18
affected

Kernel 5.4 before 05.47.18
affected

Kernel 5.5 before 05.55.18
affected

Kernel 5.6 before 05.62.18
affected

Kernel 5.7 before 05.71.18
affected

References

www.insyde.com/security-pledge/sa-2025005/

cve.org (CVE-2025-4276)

nvd.nist.gov (CVE-2025-4276)

Download JSON