Unrated severityNVD Advisory· Published Jun 12, 2025· Updated Jun 17, 2025

CVE-2024-55567

Description

Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.01, 5.6 before 05.62.01, and 5.7 before 05.71.01. The SMM module has an SMM call out vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Insyde/InsydeH2O kerneldescription
Insyde/BIOSllm-fuzzy
Range: 5.4 before 05.47.01; 5.5 before 05.55.01; 5.6 before 05.62.01; 5.7 before 05.71.01

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.insyde.com/security-pledge/sa-2024018/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000