VYPR
Vendor

Insyde

Products
5
CVEs
97
Across products
99
Status
Private

Products

5

Recent CVEs

97
View all 97 CVEs →
  • CVE-2023-39281CriNov 1, 2023
    risk 0.64cvss 9.8epss 0.00

    A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase.

  • CVE-2021-41842CriJan 6, 2022
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08.46, 5.1 before 05.16.46, 5.2 before 05.26.46, 5.3 before 05.35.46, 5.4 before 05.43.46, and 5.5 before 05.51.45 in Insyde InsydeH2O. Code execution can occur because the SMI handler lacks a CommBuffer check.

  • CVE-2020-5955CriNov 3, 2021
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O before 2021-10-14 on Intel client chipsets. A caller may be able to escalate privileges.

  • CVE-2023-22613HigApr 11, 2023
    risk 0.57cvss 8.8epss 0.00

    An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. It is possible to write to an attacker-controlled address. An attacker could invoke an SMI handler with a malformed pointer in RCX that overlaps SMRAM, resulting in SMM memory corruption.

  • CVE-2023-22614HigApr 11, 2023
    risk 0.57cvss 8.8epss 0.00

    An issue was discovered in ChipsetSvcSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There is insufficient input validation in BIOS Guard updates. An attacker can induce memory corruption in SMM by supplying malformed inputs to the BIOS Guard SMI handler.

  • CVE-2023-22612HigApr 11, 2023
    risk 0.57cvss 8.8epss 0.00

    An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. A malicious host OS can invoke an Insyde SMI handler with malformed arguments, resulting in memory corruption in SMM.

  • CVE-2024-33228HigMay 22, 2024
    risk 0.55cvss 8.4epss 0.00

    An issue in the component segwindrvx64.sys of Insyde Software Corp SEG Windows Driver v100.00.07.02 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.

  • CVE-2023-22615HigApr 11, 2023
    risk 0.55cvss 8.4epss 0.00

    An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. IHISI subfunction execution may corrupt SMRAM. An attacker can pass an address in the RCX save state register that overlaps SMRAM, thereby coercing an IHISI subfunction handler to overwrite…

  • CVE-2022-36337HigNov 23, 2022
    risk 0.53cvss 8.2epss 0.00

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow vulnerability in the MebxConfiguration driver leads to arbitrary code execution. Control of a UEFI variable under the OS can cause this overflow when read by BIOS code.

  • CVE-2022-30772HigNov 15, 2022
    risk 0.53cvss 8.2epss 0.00

    Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory. Function 0x52 of the PnpSmm driver is passed the address and size of data to write into the SMBIOS table, but manipulation of the address could be used by…

  • CVE-2022-29275HigNov 15, 2022
    risk 0.53cvss 8.2epss 0.00

    In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering Use of untrusted pointers could allow OS or SMRAM memory tampering leading to escalation of privileges. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.21…

  • CVE-2022-36448HigSep 28, 2022
    risk 0.53cvss 8.2epss 0.00

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. There is an SMM memory corruption vulnerability in the Software SMI handler in the PnpSmm driver.

  • CVE-2022-35893HigSep 23, 2022
    risk 0.53cvss 8.2epss 0.00

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM memory corruption vulnerability in the FvbServicesRuntimeDxe driver allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

  • CVE-2022-36338HigSep 23, 2022
    risk 0.53cvss 8.2epss 0.00

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver FwBlockServiceSmm, creating SMM, leads to arbitrary code execution. An attacker can replace the pointer to the UEFI boot service GetVariable with a pointer to…

  • CVE-2022-35408HigSep 22, 2022
    risk 0.53cvss 8.2epss 0.00

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver in UsbLegacyControlSmm leads to possible arbitrary code execution in SMM and escalation of privileges. An attacker could overwrite the function pointers in the…

  • CVE-2022-35895HigSep 21, 2022
    risk 0.53cvss 8.2epss 0.00

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The FwBlockSericceSmm driver does not properly validate input parameters for a software SMI routine, leading to memory corruption of arbitrary addresses including SMRAM, and possible arbitrary code…

  • CVE-2022-24031HigFeb 3, 2022
    risk 0.53cvss 8.2epss 0.00

    An issue was discovered in NvmExpressDxe in Insyde InsydeH2O with kernel 5.1 through 5.5. An SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

  • CVE-2021-43615HigFeb 3, 2022
    risk 0.53cvss 8.2epss 0.00

    An issue was discovered in HddPassword in Insyde InsydeH2O with kernel 5.1 before 05.16.23, 5.2 before 05.26.23, 5.3 before 05.35.23, 5.4 before 05.43.22, and 5.5 before 05.51.22. An SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to…

  • CVE-2021-43323HigFeb 3, 2022
    risk 0.53cvss 8.2epss 0.00

    An issue was discovered in UsbCoreDxe in Insyde InsydeH2O with kernel 5.5 before 05.51.45, 5.4 before 05.43.45, 5.3 before 05.35.45, 5.2 before 05.26.45, 5.1 before 05.16.45, and 5.0 before 05.08.45. An SMM callout vulnerability allows an attacker to hijack execution flow of…

  • CVE-2021-42554HigFeb 3, 2022
    risk 0.53cvss 8.2epss 0.00

    An issue was discovered in Insyde InsydeH2O with Kernel 5.0 before 05.08.42, Kernel 5.1 before 05.16.42, Kernel 5.2 before 05.26.42, Kernel 5.3 before 05.35.42, Kernel 5.4 before 05.42.51, and Kernel 5.5 before 05.50.51. An SMM memory corruption vulnerability in…