Insyde InsydeH2O has an unspecified vulnerability (CNVD-2022-10288)

Insyde InsydeH2O is a C source from Insyde Software (Taiwan, China) that implements the new technology “EFI/UEFI” specification, designed to replace the legacy BIOS (Basic Input/Output System).A security vulnerability exists in Insyde InsydeH2O. The vulnerability stems from the System Management Interrupt (SWSMI) handler of the InsydeH2O UEFI firmware code located in the SWSMI handler that dereferences the gRT (EFI_RUNTIME_SERVICES) pointer to call the GetVariable service located outside of SMRAM. No detailed vulnerability details are currently available.