The root vulnerabilities stem from the InsydeH2O firmware SDK. The verified list of impacted vendors consists of: Fujitsu, Siemens, Dell, HP, HPE, Lenovo, Microsoft, Intel and Bull Atos.

Insyde announcements:

https://www.insyde.com/press_news/press-releases/insyde%C2%A...

https://www.insyde.com/security-pledge

The first time I found a computer to have Insyde BIOS it was instantly plain to see these were to be completely avoided.

So much worse than anything that ever went before.