SetupAutomationSmm : SMRAM memory contents leak / information disclosure vulnerability in SMM module

July 29, 2025 invoker category_cve

CVE Details

Basic Information

Title SetupAutomationSmm : SMRAM memory contents leak / information disclosure vulnerability in SMM module
Type cve
Published 2025-07-30T00:46:27.918Z
Modified 2025-07-30T00:46:27.918Z

Product Information

Vendor Insyde Software
Product InsydeH2O
Version Feature developed for Lenovo

CVSS Information

Base Score 6.0 (MEDIUM)
Attack Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N

Affected Products

  • Insyde Software InsydeH2O Feature developed for Lenovo

Additional Information

CWE List CWE-200
Source Insyde

Description

The vulnerability was identified in the code developed specifically for Lenovo. Please visit “Lenovo Product Security Advisories and Announcements” webpage for more information about the vulnerability.  https://support.lenovo.com/us/en/product_security/home

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.