As many as 23 new high-severity security vulnerabilities have been disclosed in different implementations of Unified Extensible Firmware Interface (UEFI) firmware used by numerous vendors. The vulnerabilities reside in Insyde Software’s InSydeH2O UEFI firmware. The flaws could allow a malicious actor to run arbitrary code with the permissions of System Management Mode (SMM), a special-purpose execution mode in x86 processors that handles power management, hardware configuration, thermal monitoring, and other functions. The weaknesses can also be chained together to bypass security features and install malware in a manner that survives operating system re-installations and achieves long-term persistence.
Source: https://thehackernews.com/2022/02/dozens-of-security-flaws-discovered-in.html

