Home
HIGH: 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:HDefault status
unknown
Kernel 5.3 (custom) before 05.39.18
affected
Kernel 5.4 (custom) before 05.47.18
affected
Kernel 5.5 (custom) before 05.55.18
affected
Kernel 5.6 (custom) before 05.62.18
affected
Kernel 5.7 (custom) before 05.71.18
affected
Description
UsbCoreDxe has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.
Problem types
CWE-20 Improper Input Validation
Product status
Kernel 5.3 (custom) before 05.39.18
Kernel 5.4 (custom) before 05.47.18
Kernel 5.5 (custom) before 05.55.18
Kernel 5.6 (custom) before 05.62.18
Kernel 5.7 (custom) before 05.71.18
References
www.insyde.com/security-pledge/sa-2025005/