VYPR

Vendor CVEs

Insyde

All CVEs

105 total · sorted by risk
  • CVE-2021-33834HigSep 8, 2023
    risk 0.46cvss 7.1epss 0.00

    An issue was discovered in iscflashx64.sys 3.9.3.0 in Insyde H2OFFT 6.20.00. When handling IOCTL 0x22229a, the input used to allocate a buffer and copy memory is mishandled. This could cause memory corruption or a system crash.

  • CVE-2023-25600HigAug 3, 2023
    risk 0.46cvss 7.1epss 0.00

    An issue was discovered in InsydeH2O. A malicious operating system can tamper with a runtime-writable EFI variable, leading to out-of-bounds memory reads and a denial of service. This is fixed in version 01.01.04.0016.

  • CVE-2022-32477HigFeb 15, 2023
    risk 0.46cvss 7.0epss 0.00

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the FvbServicesRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack…

  • CVE-2022-32475HigFeb 15, 2023
    risk 0.46cvss 7.0epss 0.00

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the VariableRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This issue was…

  • CVE-2022-32469HigFeb 15, 2023
    risk 0.46cvss 7.0epss 0.00

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the PnpSmm shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be…

  • CVE-2022-32953HigFeb 15, 2023
    risk 0.46cvss 7.0epss 0.00

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the SdHostDriver buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated…

  • CVE-2022-32476HigFeb 15, 2023
    risk 0.46cvss 7.0epss 0.00

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the AhciBusDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be…

  • CVE-2022-32473HigFeb 15, 2023
    risk 0.46cvss 7.0epss 0.00

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the HddPassword shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be…

  • CVE-2022-32470HigFeb 15, 2023
    risk 0.46cvss 7.0epss 0.00

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the FwBlockServiceSmm shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can…

  • CVE-2022-32955HigFeb 15, 2023
    risk 0.46cvss 7.0epss 0.00

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the NvmExpressDxe buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be…

  • CVE-2022-32954HigFeb 15, 2023
    risk 0.46cvss 7.0epss 0.00

    An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 5.5. DMA attacks on the SdMmcDevice buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated…

  • CVE-2022-32478HigFeb 15, 2023
    risk 0.46cvss 7.0epss 0.00

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the IdeBusDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be…

  • CVE-2022-32474HigFeb 15, 2023
    risk 0.46cvss 7.0epss 0.00

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the StorageSecurityCommandDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This…

  • CVE-2022-32471HigFeb 15, 2023
    risk 0.46cvss 7.0epss 0.00

    An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. The IhisiDxe driver uses the command buffer to pass input and output data. By modifying the command buffer contents with DMA after the input parameters have been checked but before they are…

  • CVE-2022-33985HigNov 15, 2022
    risk 0.46cvss 7.0epss 0.00

    DMA transactions which are targeted at input buffers used for the NvmExpressDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the NvmExpressDxe driver…

  • CVE-2022-33984HigNov 15, 2022
    risk 0.46cvss 7.0epss 0.00

    DMA transactions which are targeted at input buffers used for the SdMmcDevice software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the SdMmcDevice driver could…

  • CVE-2022-33983HigNov 15, 2022
    risk 0.46cvss 7.0epss 0.00

    DMA transactions which are targeted at input buffers used for the NvmExpressLegacy software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the NvmExpressLegacy…

  • CVE-2022-33909HigNov 15, 2022
    risk 0.46cvss 7.0epss 0.00

    DMA transactions which are targeted at input buffers used for the HddPassword software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the HddPassword driver could…

  • CVE-2022-33908HigNov 15, 2022
    risk 0.46cvss 7.0epss 0.00

    DMA transactions which are targeted at input buffers used for the SdHostDriver software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the SdHostDriver driver could…

  • CVE-2022-33905HigNov 15, 2022
    risk 0.46cvss 7.0epss 0.00

    DMA transactions which are targeted at input buffers used for the AhciBusDxe software SMI handler could cause SMRAM corruption (a TOCTOU attack). DMA transactions which are targeted at input buffers used for the software SMI handler used by the AhciBusDxe driver could cause…

  • CVE-2022-35897MedNov 21, 2022
    risk 0.44cvss 6.8epss 0.00

    An stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. If the attacker modifies specific UEFI variables, it can cause a stack overflow, leading to arbitrary code execution. The specific…

  • CVE-2021-42059MedFeb 3, 2022
    risk 0.44cvss 6.7epss 0.00

    An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.08.41, Kernel 5.1 before 05.16.41, Kernel 5.2 before 05.26.41, Kernel 5.3 before 05.35.41, and Kernel 5.4 before 05.42.20. A stack-based buffer overflow leads toarbitrary code execution in UEFI DisplayTypeDxe DXE…

  • CVE-2020-27339MedJun 16, 2021
    risk 0.44cvss 6.7epss 0.00

    In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe,…

  • CVE-2023-28468MedAug 3, 2023
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS.

  • CVE-2022-33986MedNov 15, 2022
    risk 0.42cvss 6.4epss 0.00

    DMA attacks on the parameter buffer used by the VariableRuntimeDxe software SMI handler could lead to a TOCTOU attack. DMA attacks on the parameter buffer used by the software SMI handler used by the driver VariableRuntimeDxe could lead to a TOCTOU attack on the SMI handler and…

  • CVE-2022-33906MedNov 15, 2022
    risk 0.42cvss 6.4epss 0.00

    DMA transactions which are targeted at input buffers used for the FwBlockServiceSmm software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the FwBlockServiceSmm…

  • CVE-2022-32267MedNov 15, 2022
    risk 0.42cvss 6.4epss 0.00

    DMA transactions which are targeted at input buffers used for the SmmResourceCheckDxe software SMI handler cause SMRAM corruption (a TOCTOU attack) DMA transactions which are targeted at input buffers used for the software SMI handler used by the SmmResourceCheckDxe driver could…

  • CVE-2022-31243MedNov 15, 2022
    risk 0.42cvss 6.4epss 0.00

    Update description and links DMA transactions which are targeted at input buffers used for the software SMI handler used by the FvbServicesRuntimeDxe driver could cause SMRAM corruption through a TOCTOU attack.. "DMA transactions which are targeted at input buffers used for the…

  • CVE-2022-30774MedNov 15, 2022
    risk 0.42cvss 6.4epss 0.00

    DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack) DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter…

  • CVE-2022-33982MedNov 14, 2022
    risk 0.42cvss 6.4epss 0.00

    DMA attacks on the parameter buffer used by the Int15ServiceSmm software SMI handler could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. DMA attacks on the parameter buffer used by the software SMI handler used by the driver Int15ServiceSmm could…

  • CVE-2022-33907MedNov 14, 2022
    risk 0.42cvss 6.4epss 0.00

    DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack... DMA transactions which are targeted at input buffers used for the software SMI handler used by the…

  • CVE-2022-32266MedNov 14, 2022
    risk 0.42cvss 6.4epss 0.00

    DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. DMA attacks on the parameter buffer used by a software SMI…

  • CVE-2022-30773MedNov 14, 2022
    risk 0.42cvss 6.4epss 0.00

    DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack). DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after…

  • CVE-2023-28149MedJul 31, 2024
    risk 0.40cvss 6.1epss 0.00

    An issue was discovered in the IhisiServiceSmm module in Insyde InsydeH2O with kernel 5.2 before 05.28.42, 5.3 before 05.37.42, 5.4 before 05.45.39, 5.5 before 05.53.39, and 5.6 before 05.60.39 that could allow an attacker to modify UEFI variables.

  • CVE-2022-35894MedSep 22, 2022
    risk 0.39cvss 6.0epss 0.00

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The SMI handler for the FwBlockServiceSmm driver uses an untrusted pointer as the location to copy data to an attacker-specified buffer, leading to information disclosure.

  • CVE-2022-35896MedSep 22, 2022
    risk 0.39cvss 6.0epss 0.00

    An issue SMM memory leak vulnerability in SMM driver (SMRAM was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An attacker can dump SMRAM contents via the software SMI provided by the FvbServicesRuntimeDxe driver to read the contents of SMRAM, leading to information…

  • CVE-2023-40238MedDec 7, 2023
    risk 0.36cvss 5.5epss 0.02

    A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a…

  • CVE-2023-39284MedNov 2, 2023
    risk 0.36cvss 5.5epss 0.00

    An issue was discovered in IhisiServicesSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There are arbitrary calls to SetVariable with unsanitized arguments in the SMI handler.

  • CVE-2023-27471MedAug 18, 2023
    risk 0.36cvss 5.5epss 0.00

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. UEFI implementations do not correctly protect and validate information contained in the 'MeSetup' UEFI variable. On some systems, this variable can be overwritten using operating system APIs. Exploitation…

  • CVE-2023-27373MedAug 7, 2023
    risk 0.36cvss 5.5epss 0.00

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Due to insufficient input validation, an attacker can tamper with a runtime-accessible EFI variable to cause a dynamic BAR setting to overlap SMRAM.

  • CVE-2022-24350MedApr 12, 2023
    risk 0.36cvss 5.5epss 0.00

    An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. IHISI function 0x17 verifies that the output buffer lies within the command buffer but does not verify that output data does not go beyond the end of the command buffer. In particular, the…

  • CVE-2024-39707MedNov 14, 2024
    risk 0.34cvss 5.3epss 0.00

    Insyde IHISI function 0x49 can restore factory defaults for certain UEFI variables without further authentication by default, which could lead to a possible roll-back attack in certain platforms. This is fixed in: kernel 5.2, version 05.29.19; kernel 5.3, version 05.38.19;…

  • CVE-2023-30633MedOct 19, 2023
    risk 0.34cvss 5.3epss 0.00

    An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5. It can report false TPM PCR values, and thus mask malware activity. Devices use Platform Configuration Registers (PCRs) to record information about device and software configuration to…

  • CVE-2022-24351MedDec 16, 2023
    risk 0.31cvss 4.7epss 0.00

    TOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5.2 before version 05.27.29, Kernel 5.3 before version 05.36.29, Kernel 5.4 version before 05.44.13, and Kernel 5.5 before version 05.52.13 allows an attacker to alter data and code used by the remainder of the…

  • CVE-2024-55567Jun 12, 2025
    risk 0.00cvss epss 0.00

    Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.01, 5.6 before 05.62.01, and 5.7 before 05.71.01. The SMM module has an SMM call out vulnerability which can be used to write arbitrary memory inside SMRAM and…

  • CVE-2024-52879May 15, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In…

  • CVE-2024-52880May 15, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In…

  • CVE-2024-52877May 15, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In…

  • CVE-2024-52878May 15, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In…

  • CVE-2024-49200Apr 15, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in AcpiS3SaveDxe and ChipsetSvcDxe in Insyde InsydeH2O with kernel 5.2 though 5.7. A potential DXE memory corruption vulnerability has been identified. The root cause is use of a pointer originating from the value of an NVRAM variable as the target of a…