Improper input validation in Insyde Insydeh2o
CVE-2024-55567
Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.01, 5.6 before 05.62.01, and 5.7 before 05.71.01. The SMM module has an SMM call out vulnerability which can be used to…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.001 (3.2th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H.
Affected products
- Insyde Insydeh2o
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (Vendor Advisory)
Frequently asked questions
- What is CVE-2024-55567?
- CVE-2024-55567 is a high-severity vulnerability in Insyde Insydeh2o, classified under Improper Input Validation. CVSS score: 7.5/10. Published 2025-06-12.
- How severe is CVE-2024-55567?
- High severity. CVSS v3 base score is 7.5 out of 10.