UEFI firmware vulnerabilities affect at least 25 computer vendors
2022-02-02 11:17

Researchers from firmware protection company Binarly have discovered critical vulnerabilities in the UEFI firmware from InsydeH2O used by multiple computer vendors such as Fujitsu, Intel, AMD, Lenovo, Dell, ASUS, HP, Siemens, Microsoft, and Acer.

UEFI software is the interface between a device's firmware and the operating system; it handles the boot process, system diagnostics, and repair functions.

In total, Binarly found 23 flaws in the InsydeH2O UEFI firmware, most of them in the software's System Management Mode (SMM), which provides system-wide functions such as power management and hardware control.

"All of the aforementioned vendors were using Insyde-based firmware SDK to develop their pieces of firmware," the company notes.

At the moment, the U.S. CERT Coordination Center has confirmed three vendors with products affected by the security issues found in the InsydeH2O firmware: Fujitsu, Insyde Software Corporation, and Intel.

Insyde Software has released firmware updates to fix all identified security vulnerabilities and published detailed bulletins that assign a severity and description to every flaw.


News URL

https://www.bleepingcomputer.com/news/security/uefi-firmware-vulnerabilities-affect-at-least-25-computer-vendors/