VYPR

BIOS

by Insyde

CVEs (96)

  • CVE-2022-24030Feb 3, 2022
    Insyde
    BIOS
    risk 0.00cvss epss 0.00

    An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 through 5.5. An SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

  • CVE-2021-42059Feb 3, 2022
    Insyde
    BIOS
    risk 0.00cvss epss 0.00

    An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.08.41, Kernel 5.1 before 05.16.41, Kernel 5.2 before 05.26.41, Kernel 5.3 before 05.35.41, and Kernel 5.4 before 05.42.20. A stack-based buffer overflow leads toarbitrary code execution in UEFI DisplayTypeDxe DXE…

  • CVE-2021-43615Feb 3, 2022
    Insyde
    BIOS
    risk 0.00cvss epss 0.00

    An issue was discovered in HddPassword in Insyde InsydeH2O with kernel 5.1 before 05.16.23, 5.2 before 05.26.23, 5.3 before 05.35.23, 5.4 before 05.43.22, and 5.5 before 05.51.22. An SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to…

  • CVE-2021-41841Feb 3, 2022
    Insyde
    BIOS
    risk 0.00cvss epss 0.00

    An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of Inclusion of Functionality from an Untrusted Control…

  • CVE-2020-5953Feb 3, 2022
    Insyde
    BIOS
    risk 0.00cvss epss 0.00

    A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT (EFI_RUNTIME_SERVICES) pointer to call a GetVariable service, which is located outside of SMRAM. This can result in code execution…

  • CVE-2022-24069Feb 2, 2022
    Insyde
    BIOS
    risk 0.00cvss epss 0.00

    An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.0 before 05.08.41, 5.1 before 05.16.29, 5.2 before 05.26.29, 5.3 before 05.35.29, 5.4 before 05.43.29, and 5.5 before 05.51.29. An SMM callout vulnerability allows an attacker to hijack the execution flow of…

  • CVE-2021-43522Feb 2, 2022
    Insyde
    BIOS
    risk 0.00cvss epss 0.00

    An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 2021-11-08, 5.2 through 2021-11-08, and 5.3 through 2021-11-08. A StorageSecurityCommandDxe SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this…

  • CVE-2021-45971Jan 5, 2022
    Insyde
    BIOS
    risk 0.00cvss epss 0.00

    An issue was discovered in SdHostDriver in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler…

  • CVE-2021-41842Jan 5, 2022
    Insyde
    BIOS
    risk 0.00cvss epss 0.02

    An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08.46, 5.1 before 05.16.46, 5.2 before 05.26.46, 5.3 before 05.35.46, 5.4 before 05.43.46, and 5.5 before 05.51.45 in Insyde InsydeH2O. Code execution can occur because the SMI handler lacks a CommBuffer check.

  • CVE-2021-45969Jan 5, 2022
    Insyde
    BIOS
    risk 0.00cvss epss 0.00

    An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler…

  • CVE-2021-45970Jan 5, 2022
    Insyde
    BIOS
    risk 0.00cvss epss 0.00

    An issue was discovered in IdeBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that…

  • CVE-2020-5956Jan 5, 2022
    Insyde
    BIOS
    risk 0.00cvss epss 0.01

    An issue was discovered in SdLegacySmm in Insyde InsydeH2O with kernel 5.1 before 05.15.11, 5.2 before 05.25.11, 5.3 before 05.34.11, and 5.4 before 05.42.11. The software SMI handler allows untrusted external input because it does not verify CommBuffer.

  • CVE-2020-5955Nov 3, 2021
    Insyde
    BIOS
    risk 0.00cvss epss 0.01

    An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O before 2021-10-14 on Intel client chipsets. A caller may be able to escalate privileges.

  • CVE-2020-27339Jun 16, 2021
    Insyde
    BIOS
    risk 0.00cvss epss 0.00

    In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe,…

  • CVE-2019-12532Aug 26, 2019
    Insyde
    BIOS
    risk 0.00cvss epss 0.00

    Improper access control in the Insyde software tools may allow an authenticated user to potentially enable escalation of privilege, or information disclosure via local access. This is a software vulnerability, not a firmware issue. Affected tools include: H2OFFT version…

  • CVE-2005-4175Dec 11, 2005
    Insyde
    BIOS
    risk 0.00cvss epss 0.00

    Insyde BIOS V190 does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory.

Page 5 of 5