Insyde

Insydeh2o

80 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2022-46897

  • EPSS 0.05%
  • Published 22.04.2024 18:15:07
  • Last modified 29.07.2025 20:43:39

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The CapsuleIFWUSmm driver does not check the return value from a method or function. This can prevent it from detecting unexpected states and conditions.

4.7

CVE-2022-24351

  • EPSS 0.03%
  • Published 16.12.2023 02:15:07
  • Last modified 21.11.2024 06:50:13

TOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5.2 before version 05.27.29, Kernel 5.3 before version 05.36.29, Kernel 5.4 version before 05.44.13, and Kernel 5.5 before version 05.52.13 allows an attacker to alter data and code ...

5.5

CVE-2023-40238

Exploit
  • EPSS 0.1%
  • Published 07.12.2023 04:15:06
  • Last modified 21.11.2024 08:19:02

A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo...

7.8

CVE-2023-39283

  • EPSS 0.1%
  • Published 02.11.2023 22:15:09
  • Last modified 21.11.2024 08:15:03

An SMM memory corruption vulnerability in the SMM driver (SMRAM write) in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to send arbitrary data to SMM which could lead to privilege escalation.

5.5

CVE-2023-39284

  • EPSS 0.06%
  • Published 02.11.2023 21:15:09
  • Last modified 21.11.2024 08:15:03

An issue was discovered in IhisiServicesSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There are arbitrary calls to SetVariable with unsanitized arguments in the SMI handler.

9.8

CVE-2023-39281

  • EPSS 0.23%
  • Published 01.11.2023 22:15:08
  • Last modified 21.11.2024 08:15:03

A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase.

5.3

CVE-2023-30633

  • EPSS 0.14%
  • Published 19.10.2023 20:15:08
  • Last modified 21.11.2024 08:00:33

An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5. It can report false TPM PCR values, and thus mask malware activity. Devices use Platform Configuration Registers (PCRs) to record information about device an...

7.8

CVE-2023-34195

  • EPSS 0.09%
  • Published 18.09.2023 13:15:08
  • Last modified 21.11.2024 08:06:45

An issue was discovered in SystemFirmwareManagementRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The implementation of the GetImage method retrieves the value of a runtime variable named GetImageProgress, and later uses this value as a ...

5.5

CVE-2023-27471

  • EPSS 0.06%
  • Published 18.08.2023 19:15:12
  • Last modified 21.11.2024 07:52:58

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. UEFI implementations do not correctly protect and validate information contained in the 'MeSetup' UEFI variable. On some systems, this variable can be overwritten using operatin...

7.5

CVE-2023-31041

  • EPSS 0.11%
  • Published 14.08.2023 15:15:12
  • Last modified 21.11.2024 08:01:18

An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. System password information could optionally be stored in cleartext, which might lead to possible information disclosure.