CVE-2025-4277

HIGH

InsydeH2O Kernel 5.2-5.7 - Arbitrary Memory Write and Code Execution in SMRAM via Tcg2Smm

Title source: llm

Description

Tcg2Smm has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.

Scores

CVSS v3 7.5
EPSS 0.0013
EPSS Percentile 3.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-20
Status published
Products (6)
Insyde Software/InsydeH2O Kernel 5.2 - 05.2A.21
Insyde Software/InsydeH2O Kernel 5.3 - 05.39.21
Insyde Software/InsydeH2O Kernel 5.4 - 05.47.21
Insyde Software/InsydeH2O Kernel 5.5 - 05.55.21
Insyde Software/InsydeH2O Kernel 5.6 - 05.62.21
Insyde Software/InsydeH2O Kernel 5.7 - 05.71.21
Published Aug 13, 2025
Tracked Since Feb 18, 2026