UsbCoreDxe has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.
Advisories
Source ID Title
EUVD EUVD EUVD-2025-24533 UsbCoreDxe has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.
Fixes

Solution

Kernel 5.3 : Version Tag 05.39.18 Kernel 5.4 : Version Tag 05.47.18 Kernel 5.5 : Version Tag 05.55.18 Kernel 5.6 : Version Tag 05.62.18 Kernel 5.7 : Version Tag 05.71.18


Workaround

No workaround given by the vendor.

History

Thu, 14 Aug 2025 06:30:00 +0000

Type Values Removed Values Added
First Time appeared Insyde
Insyde insydeh2o
Vendors & Products Insyde
Insyde insydeh2o

Wed, 13 Aug 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 13 Aug 2025 02:00:00 +0000

Type Values Removed Values Added
Description UsbCoreDxe has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.
Title UsbCoreDxe: improper input validation may lead to arbitrary code execution
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Insyde

Published:

Updated: 2025-08-14T05:54:07.744Z

Reserved: 2025-05-05T02:10:43.371Z

Link: CVE-2025-4276

cve-icon Vulnrichment

Updated: 2025-08-13T13:22:23.276Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-08-13T02:15:25.723

Modified: 2025-08-13T17:33:46.673

Link: CVE-2025-4276

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-08-13T21:47:06Z