SetupAutomationSmm:Vulnerability in the SMM module allow attacker to write arbitrary code and lead to memory corruption

July 29, 2025 invoker category_cve

CVE Details

Basic Information

Title SetupAutomationSmm:Vulnerability in the SMM module allow attacker to write arbitrary code and lead to memory corruption
Type cve
Published 2025-07-30T00:42:01.874Z
Modified 2025-07-30T00:42:01.874Z

Product Information

Vendor Insyde Software
Product InsydeH2O
Version Feature developed for Lenovo

CVSS Information

Base Score 8.2 (HIGH)
Attack Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected Products

  • Insyde Software InsydeH2O Feature developed for Lenovo

Additional Information

CWE List CWE-119
Source Insyde

Description

The vulnerability was identified in the code developed specifically for Lenovo. Please visit “Lenovo Product Security Advisories and Announcements” webpage for more information about the vulnerability.  https://support.lenovo.com/us/en/product_security/home

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.