Improper input validation in Insyde Insydeh2o

CVE-2024-55567

Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.01, 5.6 before 05.62.01, and 5.7 before 05.71.01. The SMM module has an SMM call out vulnerability which can be used to…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.001 (3.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2024-55567?
CVE-2024-55567 is a high-severity vulnerability in Insyde Insydeh2o, classified under Improper Input Validation. CVSS score: 7.5/10. Published 2025-06-12.
How severe is CVE-2024-55567?
High severity. CVSS v3 base score is 7.5 out of 10.