Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
insyde kernel 5.0 vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv2
CVE-2022-24069
An issue exists in AhciBusDxe in Insyde InsydeH2O with kernel 5.0 prior to 05.08.41, 5.1 prior to 05.16.29, 5.2 prior to 05.26.29, 5.3 prior to 05.35.29, 5.4 prior to 05.43.29, and 5.5 prior to 05.51.29. An SMM callout vulnerability allows an malicious user to hijack the executio...
Insyde Insydeh2o
6.8
CVSSv2
CVE-2021-38575
NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.
Tianocore Edk2
Insyde Kernel 5.0
Insyde Kernel 5.2
Insyde Kernel 5.3
Insyde Kernel 5.4
Insyde Kernel 5.5
Insyde Kernel 5.1
4.6
CVSSv2
CVE-2021-41839
An issue exists in NvmExpressDxe in the kernel 5.0 up to and including 5.5 in Insyde InsydeH2O. Because of an Untrusted Pointer Dereference that causes SMM memory corruption, an attacker may be able to write fixed or predictable data to SMRAM. Exploiting this issue could lead to ...
Insyde Insydeh2o
NA
CVE-2023-47252
An issue exists in PnpSmm in Insyde InsydeH2O with kernel 5.0 up to and including 5.6. There is a possible out-of-bounds access in the SMM communication buffer, leading to tampering. The PNP-related SMI sub-functions do not verify data size before getting it from the communicatio...
NA
CVE-2022-46897
An issue exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. The CapsuleIFWUSmm driver does not check the return value from a method or function. This can prevent it from detecting unexpected states and conditions.
NA
CVE-2023-39283
An SMM memory corruption vulnerability in the SMM driver (SMRAM write) in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 up to and including 5.5 allows malicious users to send arbitrary data to SMM which could lead to privilege escalation.
Insyde Insydeh2o
Insyde Insydeh2o 5.5.05.53.22
Insyde Insydeh2o 5.6
Insyde Insydeh2o 5.6.05.60.22
NA
CVE-2023-39284
An issue exists in IhisiServicesSmm in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. There are arbitrary calls to SetVariable with unsanitized arguments in the SMI handler.
Insyde Insydeh2o
NA
CVE-2023-39281
A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 up to and including 5.5 allows malicious users to run arbitrary code execution during the DXE phase.
Insyde Insydeh2o 05.45.24.0039
Insyde Insydeh2o 05.44.45.0017
Insyde Insydeh2o 05.44.34.0055
Insyde Insydeh2o 05.53.28.0013
Insyde Insydeh2o 05.45.38.0005
Insyde Insydeh2o 05.53.23.0011
Insyde Insydeh2o 05.53.23.0014
Insyde Insydeh2o 05.53.22.0008
Insyde Insydeh2o 05.44.30.0022
Insyde Insydeh2o 05.43.06.0021
Insyde Insydeh2o 05.42.37.0031
NA
CVE-2023-30633
An issue exists in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. It can report false TPM PCR values, and thus mask malware activity. Devices use Platform Configuration Registers (PCRs) to record information about device and software configuration t...
Insyde Insydeh2o 5.2
Insyde Insydeh2o
NA
CVE-2023-34195
An issue exists in SystemFirmwareManagementRuntimeDxe in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. The implementation of the GetImage method retrieves the value of a runtime variable named GetImageProgress, and later uses this value as a function pointer. This var...
Insyde Insydeh2o
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »