EfiSmiServices: gEfiSmmCpuProtocol, SMM memory corruption vulnerabilities in SMM module

July 29, 2025 invoker category_cve

CVE Details

Basic Information

Title EfiSmiServices: gEfiSmmCpuProtocol, SMM memory corruption vulnerabilities in SMM module
Type cve
Published 2025-07-30T00:39:28.366Z
Modified 2025-07-30T00:39:28.366Z

Product Information

Vendor Insyde Software
Product InsydeH2O
Version Feature developed for Lenovo

CVSS Information

Base Score 8.2 (HIGH)
Attack Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Analysis

AI Description A critical vulnerability in Lenovo’s EFI services could allow attackers to corrupt SMM memory, potentially leading to system crashes or arbitrary code execution. This issue is specific to Lenovo’s implementation and affects their UEFI firmware components.
AI Severity Critical
AI Vendor Insyde Software
AI Product InsydeH2O
AI Version Version not specified (Feature developed for Lenovo)

Affected Products

  • Insyde Software InsydeH2O Feature developed for Lenovo

Additional Information

CWE List CWE-787
Source Insyde

Description

The vulnerability was identified in the code developed specifically for Lenovo. Please visit “Lenovo Product Security Advisories and Announcements” webpage for more information about the vulnerability.  https://support.lenovo.com/us/en/product_security/home

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.