Severity by source
AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.01, 5.6 before 05.62.01, and 5.7 before 05.71.01. The SMM module has an SMM call out vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.
AnalysisAI
CVE-2024-55567 is an improper input validation vulnerability in the UsbCoreDxe module of Insyde InsydeH2O firmware that allows authenticated local attackers with high privileges to bypass SMM (System Management Mode) protections and execute arbitrary code at the highest firmware privilege level. This affects multiple kernel versions (5.4, 5.5, 5.6, 5.7) across numerous OEM BIOS implementations, enabling complete system compromise including kernel-level code execution and memory access. While CVSS rates this as 7.5 (high), real-world exploitation requires local access and administrative/BIOS-level privileges, though no public POC or active KEV designation has been confirmed.
Technical ContextAI
The vulnerability exists in UsbCoreDxe, a UEFI DXE (Driver Execution Environment) module responsible for USB device enumeration and communication. InsydeH2O is a proprietary BIOS/UEFI firmware platform used by numerous OEMs. The SMM (System Management Mode) is a privileged x86 processor mode used for low-level hardware management tasks that executes outside normal operating system control. The vulnerability is rooted in CWE-20 (Improper Input Validation), specifically in SMM call-out handlers that fail to properly validate parameters passed from less-privileged code. Attackers can craft malicious USB descriptor data or firmware interface calls to trigger out-of-bounds memory writes or unvalidated function pointer dereferences within SMRAM (SMM-protected memory), leading to arbitrary code execution at SMM level. The USB subsystem's position in the firmware stack makes this particularly dangerous, as USB initialization occurs before OS boot, with minimal validation of device descriptors.
RemediationAI
- method: Firmware Update (Primary); action: Update InsydeH2O kernel to patched versions: 5.4 to 05.47.01 or later, 5.5 to 05.55.01 or later, 5.6 to 05.62.01 or later, 5.7 to 05.71.01 or later. Contact OEM (Dell, HP, Lenovo, ASUS, etc.) for BIOS updates specific to your motherboard/system model, as InsydeH2O is integrated into OEM firmware distributions.
- method: Interim Mitigation (if patches unavailable); action: Restrict physical USB port access and disable USB device enumeration in BIOS settings if business continuity allows. Implement secure boot and firmware integrity verification (TPM-backed) to detect unauthorized modifications. Limit local administrative access and enable BIOS/firmware update authentication.
- method: Detection and Monitoring; action: Monitor system logs for unexpected SMM mode activity or firmware modifications. Implement firmware vulnerability scanning tools compatible with your UEFI firmware to detect vulnerable UsbCoreDxe versions.
An issue was discovered in ChipsetSvcSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.8)
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.2), this vulnerabil
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.2), this vulnerabil
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.2), this vulnerabil
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.2), this vulnerabil
An issue was discovered in Insyde InsydeH2O with kernel 5.2 through 5.5. Rated high severity (CVSS 7.8), this vulnerabil
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated medium severity (CVSS 6.0), this vulnerab
An issue SMM memory leak vulnerability in SMM driver (SMRAM was discovered in Insyde InsydeH2O with kernel 5.0 through 5
A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 all
A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.4
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.8), thi
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.8), thi
Same weakness CWE-20 – Improper Input Validation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2024-54678