Insyde

Insydeh2o

80 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2025-4410

  • EPSS 0.02%
  • Veröffentlicht 13.08.2025 01:49:47
  • Zuletzt bearbeitet 13.08.2025 17:33:46

A buffer overflow vulnerability exists in the module SetupUtility. An attacker with local privileged access can exploit this vulnerability by executeing arbitrary code.

7.5

CVE-2025-4277

  • EPSS 0.03%
  • Veröffentlicht 13.08.2025 01:46:22
  • Zuletzt bearbeitet 13.08.2025 17:33:46

Tcg2Smm has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.

7.5

CVE-2025-4276

  • EPSS 0.03%
  • Veröffentlicht 13.08.2025 01:41:56
  • Zuletzt bearbeitet 13.08.2025 17:33:46

UsbCoreDxe has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.

6

CVE-2025-4426

Medienbericht
  • EPSS 0.02%
  • Veröffentlicht 30.07.2025 01:15:25
  • Zuletzt bearbeitet 31.07.2025 18:42:37

The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability.  https://support.lenovo.com/us/en/product_securi...

8.2

CVE-2025-4425

Medienbericht
  • EPSS 0.02%
  • Veröffentlicht 30.07.2025 01:15:25
  • Zuletzt bearbeitet 31.07.2025 18:42:37

The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability.  https://support.lenovo.com/us/en/product_securi...

8.2

CVE-2025-4422

Medienbericht
  • EPSS 0.02%
  • Veröffentlicht 30.07.2025 01:15:25
  • Zuletzt bearbeitet 31.07.2025 18:42:37

The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability.  https://support.lenovo.com/us/en/product_securi...

8.2

CVE-2025-4421

Medienbericht
  • EPSS 0.02%
  • Veröffentlicht 30.07.2025 00:39:28
  • Zuletzt bearbeitet 31.07.2025 18:42:37

The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability.  https://support.lenovo.com/us/en/product_securi...

6.7

CVE-2024-55567

  • EPSS 0.03%
  • Veröffentlicht 12.06.2025 00:00:00
  • Zuletzt bearbeitet 20.08.2025 17:31:31

Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.01, 5.6 before 05.62.01, and 5.7 before 05.71.01. The SMM module has an SMM call out vulnerability which can be used to write arbi...

7.8

CVE-2025-4275

Medienbericht
  • EPSS 0.02%
  • Veröffentlicht 11.06.2025 00:25:17
  • Zuletzt bearbeitet 30.07.2025 08:15:34

A vulnerability in the digital signature verification process does not properly validate variable attributes which allows an attacker to bypass signature verification by creating a non-authenticated NVRAM variable. An attacker may to execute arbitrar...

7.9

CVE-2024-52880

  • EPSS 0.03%
  • Veröffentlicht 15.05.2025 00:00:00
  • Zuletzt bearbeitet 29.07.2025 13:09:06

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before vers...