Insyde

Insydeh2o

80 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2022-46897

  • EPSS 0.05%
  • Veröffentlicht 22.04.2024 18:15:07
  • Zuletzt bearbeitet 29.07.2025 20:43:39

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The CapsuleIFWUSmm driver does not check the return value from a method or function. This can prevent it from detecting unexpected states and conditions.

4.7

CVE-2022-24351

  • EPSS 0.03%
  • Veröffentlicht 16.12.2023 02:15:07
  • Zuletzt bearbeitet 21.11.2024 06:50:13

TOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5.2 before version 05.27.29, Kernel 5.3 before version 05.36.29, Kernel 5.4 version before 05.44.13, and Kernel 5.5 before version 05.52.13 allows an attacker to alter data and code ...

5.5

CVE-2023-40238

Exploit
  • EPSS 0.1%
  • Veröffentlicht 07.12.2023 04:15:06
  • Zuletzt bearbeitet 21.11.2024 08:19:02

A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo...

7.8

CVE-2023-39283

  • EPSS 0.1%
  • Veröffentlicht 02.11.2023 22:15:09
  • Zuletzt bearbeitet 21.11.2024 08:15:03

An SMM memory corruption vulnerability in the SMM driver (SMRAM write) in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to send arbitrary data to SMM which could lead to privilege escalation.

5.5

CVE-2023-39284

  • EPSS 0.06%
  • Veröffentlicht 02.11.2023 21:15:09
  • Zuletzt bearbeitet 21.11.2024 08:15:03

An issue was discovered in IhisiServicesSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There are arbitrary calls to SetVariable with unsanitized arguments in the SMI handler.

9.8

CVE-2023-39281

  • EPSS 0.23%
  • Veröffentlicht 01.11.2023 22:15:08
  • Zuletzt bearbeitet 21.11.2024 08:15:03

A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase.

5.3

CVE-2023-30633

  • EPSS 0.14%
  • Veröffentlicht 19.10.2023 20:15:08
  • Zuletzt bearbeitet 21.11.2024 08:00:33

An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5. It can report false TPM PCR values, and thus mask malware activity. Devices use Platform Configuration Registers (PCRs) to record information about device an...

7.8

CVE-2023-34195

  • EPSS 0.09%
  • Veröffentlicht 18.09.2023 13:15:08
  • Zuletzt bearbeitet 21.11.2024 08:06:45

An issue was discovered in SystemFirmwareManagementRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The implementation of the GetImage method retrieves the value of a runtime variable named GetImageProgress, and later uses this value as a ...

5.5

CVE-2023-27471

  • EPSS 0.06%
  • Veröffentlicht 18.08.2023 19:15:12
  • Zuletzt bearbeitet 21.11.2024 07:52:58

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. UEFI implementations do not correctly protect and validate information contained in the 'MeSetup' UEFI variable. On some systems, this variable can be overwritten using operatin...

7.5

CVE-2023-31041

  • EPSS 0.11%
  • Veröffentlicht 14.08.2023 15:15:12
  • Zuletzt bearbeitet 21.11.2024 08:01:18

An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. System password information could optionally be stored in cleartext, which might lead to possible information disclosure.