Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
insyde kernel vulnerabilities and exploits
(subscribe to this query)
8.2
CVSSv3
CVE-2022-29275
In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering Use of untrusted pointers could allow OS or SMRAM memory tampering leading to escalation of privileges. This issue exists by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.21 Kernel 5...
Insyde Kernel
8.2
CVSSv3
CVE-2022-36337
An issue exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. A stack buffer overflow vulnerability in the MebxConfiguration driver leads to arbitrary code execution. Control of a UEFI variable under the OS can cause this overflow when read by BIOS code.
Insyde Kernel
7
CVSSv3
CVE-2022-33905
DMA transactions which are targeted at input buffers used for the AhciBusDxe software SMI handler could cause SMRAM corruption (a TOCTOU attack). DMA transactions which are targeted at input buffers used for the software SMI handler used by the AhciBusDxe driver could cause SMRAM...
Insyde Kernel
6.4
CVSSv3
CVE-2022-33982
DMA attacks on the parameter buffer used by the Int15ServiceSmm software SMI handler could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. DMA attacks on the parameter buffer used by the software SMI handler used by the driver Int15ServiceSmm could lea...
Insyde Kernel
7
CVSSv3
CVE-2022-33984
DMA transactions which are targeted at input buffers used for the SdMmcDevice software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the SdMmcDevice driver could cau...
Insyde Kernel
6.4
CVSSv3
CVE-2022-33986
DMA attacks on the parameter buffer used by the VariableRuntimeDxe software SMI handler could lead to a TOCTOU attack. DMA attacks on the parameter buffer used by the software SMI handler used by the driver VariableRuntimeDxe could lead to a TOCTOU attack on the SMI handler and l...
Insyde Kernel
6.4
CVSSv3
CVE-2022-31243
Update description and links DMA transactions which are targeted at input buffers used for the software SMI handler used by the FvbServicesRuntimeDxe driver could cause SMRAM corruption through a TOCTOU attack.. "DMA transactions which are targeted at input buffers used for ...
Insyde Kernel
6.5
CVSSv3
CVE-2023-28468
An issue exists in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an malicious user to interact with the SPI flash at run-time from the OS.
Insyde Kernel
9.8
CVSSv3
CVE-2023-39281
A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 up to and including 5.5 allows malicious users to run arbitrary code execution during the DXE phase.
Insyde Insydeh2o 05.45.24.0039
Insyde Insydeh2o 05.44.45.0017
Insyde Insydeh2o 05.44.34.0055
Insyde Insydeh2o 05.53.28.0013
Insyde Insydeh2o 05.45.38.0005
Insyde Insydeh2o 05.53.23.0011
Insyde Insydeh2o 05.53.23.0014
Insyde Insydeh2o 05.53.22.0008
Insyde Insydeh2o 05.44.30.0022
Insyde Insydeh2o 05.43.06.0021
Insyde Insydeh2o 05.42.37.0031
7.5
CVSSv3
CVE-2023-31041
An issue exists in SysPasswordDxe in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. System password information could optionally be stored in cleartext, which might lead to possible information disclosure.
Insyde Insydeh2o 5.0
Insyde Insydeh2o 5.1
Insyde Insydeh2o 5.2
Insyde Insydeh2o 5.3
Insyde Insydeh2o 5.4
Insyde Insydeh2o 5.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »