Insyde

Insydeh2o

80 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2025-4410

  • EPSS 0.02%
  • Published 13.08.2025 01:49:47
  • Last modified 13.08.2025 17:33:46

A buffer overflow vulnerability exists in the module SetupUtility. An attacker with local privileged access can exploit this vulnerability by executeing arbitrary code.

7.5

CVE-2025-4277

  • EPSS 0.03%
  • Published 13.08.2025 01:46:22
  • Last modified 13.08.2025 17:33:46

Tcg2Smm has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.

7.5

CVE-2025-4276

  • EPSS 0.03%
  • Published 13.08.2025 01:41:56
  • Last modified 13.08.2025 17:33:46

UsbCoreDxe has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.

6

CVE-2025-4426

Media report
  • EPSS 0.02%
  • Published 30.07.2025 01:15:25
  • Last modified 31.07.2025 18:42:37

The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability.  https://support.lenovo.com/us/en/product_securi...

8.2

CVE-2025-4425

Media report
  • EPSS 0.02%
  • Published 30.07.2025 01:15:25
  • Last modified 31.07.2025 18:42:37

The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability.  https://support.lenovo.com/us/en/product_securi...

8.2

CVE-2025-4422

Media report
  • EPSS 0.02%
  • Published 30.07.2025 01:15:25
  • Last modified 31.07.2025 18:42:37

The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability.  https://support.lenovo.com/us/en/product_securi...

8.2

CVE-2025-4421

Media report
  • EPSS 0.02%
  • Published 30.07.2025 00:39:28
  • Last modified 31.07.2025 18:42:37

The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability.  https://support.lenovo.com/us/en/product_securi...

6.7

CVE-2024-55567

  • EPSS 0.03%
  • Published 12.06.2025 00:00:00
  • Last modified 20.08.2025 17:31:31

Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.01, 5.6 before 05.62.01, and 5.7 before 05.71.01. The SMM module has an SMM call out vulnerability which can be used to write arbi...

7.8

CVE-2025-4275

Media report
  • EPSS 0.02%
  • Published 11.06.2025 00:25:17
  • Last modified 30.07.2025 08:15:34

A vulnerability in the digital signature verification process does not properly validate variable attributes which allows an attacker to bypass signature verification by creating a non-authenticated NVRAM variable. An attacker may to execute arbitrar...

7.9

CVE-2024-52880

  • EPSS 0.03%
  • Published 15.05.2025 00:00:00
  • Last modified 29.07.2025 13:09:06

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before vers...