A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT (EFI_RUNTIME_SERVICES) pointer to call a GetVariable service, which is located outside of SMRAM. This can result in code execution in SMM (escalating privilege from ring 0 to ring -2).
Metrics
Affected Vendors & Products
References
History
Sun, 13 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
epss
|

Status: PUBLISHED
Assigner: mitre
Published: 2022-02-03T01:00:57
Updated: 2024-08-04T08:47:41.026Z
Reserved: 2020-01-06T00:00:00
Link: CVE-2020-5953

No data.

Status : Modified
Published: 2022-02-03T01:15:07.647
Modified: 2024-11-21T05:34:53.567
Link: CVE-2020-5953

No data.