Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
insyde kernel 5.5 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-47252
An issue exists in PnpSmm in Insyde InsydeH2O with kernel 5.0 up to and including 5.6. There is a possible out-of-bounds access in the SMM communication buffer, leading to tampering. The PNP-related SMI sub-functions do not verify data size before getting it from the communicatio...
NA
CVE-2022-46897
An issue exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. The CapsuleIFWUSmm driver does not check the return value from a method or function. This can prevent it from detecting unexpected states and conditions.
NA
CVE-2022-24351
TOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5.2 before version 05.27.29, Kernel 5.3 before version 05.36.29, Kernel 5.4 version prior to 05.44.13, and Kernel 5.5 before version 05.52.13 allows an malicious user to alter data and code used by the remainder ...
Insyde Insydeh2o
NA
CVE-2023-40238
A LogoFAIL issue exists in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 prior to 05.28.47, 5.3 prior to 05.37.47, 5.4 prior to 05.45.47, 5.5 prior to 05.53.47, and 5.6 prior to 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a sp...
Insyde Insydeh2o
NA
CVE-2023-39283
An SMM memory corruption vulnerability in the SMM driver (SMRAM write) in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 up to and including 5.5 allows malicious users to send arbitrary data to SMM which could lead to privilege escalation.
Insyde Insydeh2o
Insyde Insydeh2o 5.5.05.53.22
Insyde Insydeh2o 5.6
Insyde Insydeh2o 5.6.05.60.22
NA
CVE-2023-39284
An issue exists in IhisiServicesSmm in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. There are arbitrary calls to SetVariable with unsanitized arguments in the SMI handler.
Insyde Insydeh2o
NA
CVE-2023-39281
A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 up to and including 5.5 allows malicious users to run arbitrary code execution during the DXE phase.
Insyde Insydeh2o 05.45.24.0039
Insyde Insydeh2o 05.44.45.0017
Insyde Insydeh2o 05.44.34.0055
Insyde Insydeh2o 05.53.28.0013
Insyde Insydeh2o 05.45.38.0005
Insyde Insydeh2o 05.53.23.0011
Insyde Insydeh2o 05.53.23.0014
Insyde Insydeh2o 05.53.22.0008
Insyde Insydeh2o 05.44.30.0022
Insyde Insydeh2o 05.43.06.0021
Insyde Insydeh2o 05.42.37.0031
NA
CVE-2023-30633
An issue exists in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. It can report false TPM PCR values, and thus mask malware activity. Devices use Platform Configuration Registers (PCRs) to record information about device and software configuration t...
Insyde Insydeh2o 5.2
Insyde Insydeh2o
NA
CVE-2023-34195
An issue exists in SystemFirmwareManagementRuntimeDxe in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. The implementation of the GetImage method retrieves the value of a runtime variable named GetImageProgress, and later uses this value as a function pointer. This var...
Insyde Insydeh2o
NA
CVE-2023-27471
An issue exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. UEFI implementations do not correctly protect and validate information contained in the 'MeSetup' UEFI variable. On some systems, this variable can be overwritten using operating system APIs. E...
Insyde Insydeh2o 5.0
Insyde Insydeh2o 5.1
Insyde Insydeh2o 5.2
Insyde Insydeh2o 5.3
Insyde Insydeh2o 5.4
Insyde Insydeh2o 5.5
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377
CVE-2024-20859
CVE-2023-49606
inject
arbitrary
CVE-2024-33788
CVE-2024-30973
IDOR
CVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »