UEFI firmware vulnerabilities affect at least 25 computer vendors

Researchers from firmware protection company Binarly have discovered critical vulnerabilities in the UEFI firmware from InsydeH2O used by multiple computer vendors such as Fujitsu, Intel, AMD, Lenovo, Dell, ASUS, HP, Siemens, Microsoft, and Acer.

UEFI (Unified Extensible Firmware Interface) software is an interface between a device’s firmware and the operating system, which handles the booting process, system diagnostics, and repair functions.

In total, Binarly found 23 flaws in the InsydeH2O UEFI firmware, most of them in the software’s System Management Mode (SMM) that provides system-wide functions such as power management and hardware control.

Read more…
Source: BleepingComputer