Insyde

Insydeh2o

84 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.4

CVE-2024-27353

  • EPSS 0.13%
  • Veröffentlicht 15.05.2024 15:15:08
  • Zuletzt bearbeitet 21.11.2024 09:04:24

A memory corruption vulnerability in SdHost and SdMmcDevice in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating pr...

7.4

CVE-2024-25079

  • EPSS 0.11%
  • Veröffentlicht 15.05.2024 15:15:07
  • Zuletzt bearbeitet 04.08.2025 14:23:17

A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in...

7.4

CVE-2024-25078

  • EPSS 0.11%
  • Veröffentlicht 15.05.2024 14:15:08
  • Zuletzt bearbeitet 29.07.2025 20:02:06

A memory corruption vulnerability in StorageSecurityCommandDxe in Insyde InsydeH2O before kernel 5.2: IB19130163 in 05.29.07, kernel 5.3: IB19130163 in 05.38.07, kernel 5.4: IB19130163 in 05.46.07, kernel 5.5: IB19130163 in 05.54.07, and kernel 5.6: ...

6.3

CVE-2023-47252

  • EPSS 0.13%
  • Veröffentlicht 26.04.2024 03:15:06
  • Zuletzt bearbeitet 29.07.2025 23:30:00

An issue was discovered in PnpSmm in Insyde InsydeH2O with kernel 5.0 through 5.6. There is a possible out-of-bounds access in the SMM communication buffer, leading to tampering. The PNP-related SMI sub-functions do not verify data size before gettin...

5.3

CVE-2022-46897

  • EPSS 0.05%
  • Veröffentlicht 22.04.2024 18:15:07
  • Zuletzt bearbeitet 29.07.2025 20:43:39

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The CapsuleIFWUSmm driver does not check the return value from a method or function. This can prevent it from detecting unexpected states and conditions.

4.7

CVE-2022-24351

  • EPSS 0.03%
  • Veröffentlicht 16.12.2023 02:15:07
  • Zuletzt bearbeitet 21.11.2024 06:50:13

TOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5.2 before version 05.27.29, Kernel 5.3 before version 05.36.29, Kernel 5.4 version before 05.44.13, and Kernel 5.5 before version 05.52.13 allows an attacker to alter data and code ...

5.5

CVE-2023-40238

Exploit
  • EPSS 0.13%
  • Veröffentlicht 07.12.2023 04:15:06
  • Zuletzt bearbeitet 31.12.2025 01:03:36

A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo...

7.8

CVE-2023-39283

  • EPSS 0.1%
  • Veröffentlicht 02.11.2023 22:15:09
  • Zuletzt bearbeitet 21.11.2024 08:15:03

An SMM memory corruption vulnerability in the SMM driver (SMRAM write) in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to send arbitrary data to SMM which could lead to privilege escalation.

5.5

CVE-2023-39284

  • EPSS 0.06%
  • Veröffentlicht 02.11.2023 21:15:09
  • Zuletzt bearbeitet 21.11.2024 08:15:03

An issue was discovered in IhisiServicesSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There are arbitrary calls to SetVariable with unsanitized arguments in the SMI handler.

9.8

CVE-2023-39281

  • EPSS 0.23%
  • Veröffentlicht 01.11.2023 22:15:08
  • Zuletzt bearbeitet 21.11.2024 08:15:03

A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase.