Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
insyde kernel 5.0 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-27471
An issue exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. UEFI implementations do not correctly protect and validate information contained in the 'MeSetup' UEFI variable. On some systems, this variable can be overwritten using operating system APIs. E...
Insyde Insydeh2o 5.0
Insyde Insydeh2o 5.1
Insyde Insydeh2o 5.2
Insyde Insydeh2o 5.3
Insyde Insydeh2o 5.4
Insyde Insydeh2o 5.5
NA
CVE-2023-31041
An issue exists in SysPasswordDxe in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. System password information could optionally be stored in cleartext, which might lead to possible information disclosure.
Insyde Insydeh2o 5.0
Insyde Insydeh2o 5.1
Insyde Insydeh2o 5.2
Insyde Insydeh2o 5.3
Insyde Insydeh2o 5.4
Insyde Insydeh2o 5.5
NA
CVE-2023-27373
An issue exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. Due to insufficient input validation, an attacker can tamper with a runtime-accessible EFI variable to cause a dynamic BAR setting to overlap SMRAM.
Insyde Insydeh2o 5.0
Insyde Insydeh2o 5.1
Insyde Insydeh2o 5.2
Insyde Insydeh2o 5.3
Insyde Insydeh2o 5.4
Insyde Insydeh2o 5.5
NA
CVE-2023-28468
An issue exists in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an malicious user to interact with the SPI flash at run-time from the OS.
Insyde Kernel
NA
CVE-2022-24350
An issue exists in IhisiSmm in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. IHISI function 0x17 verifies that the output buffer lies within the command buffer but does not verify that output data does not go beyond the end of the command buffer. In particular, the Ge...
Insyde Insydeh2o
NA
CVE-2023-22613
An issue exists in IhisiSmm in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. It is possible to write to an attacker-controlled address. An attacker could invoke an SMI handler with a malformed pointer in RCX that overlaps SMRAM, resulting in SMM memory corruption.
Insyde Insydeh2o 05.27.37
Insyde Insydeh2o 05.36.37
Insyde Insydeh2o 05.44.45
Insyde Insydeh2o 05.52.45
NA
CVE-2023-22614
An issue exists in ChipsetSvcSmm in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. There is insufficient input validation in BIOS Guard updates. An attacker can induce memory corruption in SMM by supplying malformed inputs to the BIOS Guard SMI handler.
Insyde Insydeh2o 05.44.45.0028
Insyde Insydeh2o 05.44.45.0015
Insyde Insydeh2o 05.44.34.0054
Insyde Insydeh2o 05.42.52.0026
Insyde Insydeh2o 05.43.12.0056
Insyde Insydeh2o 05.43.01.0026
NA
CVE-2023-22612
An issue exists in IhisiSmm in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. A malicious host OS can invoke an Insyde SMI handler with malformed arguments, resulting in memory corruption in SMM.
Insyde Insydeh2o 05.28.03
Insyde Insydeh2o 05.37.03
Insyde Insydeh2o 05.45.01
Insyde Insydeh2o 05.53.01
Insyde Insydeh2o 05.0a.11
Insyde Insydeh2o 05.18.03
NA
CVE-2023-22615
An issue exists in IhisiSmm in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. IHISI subfunction execution may corrupt SMRAM. An attacker can pass an address in the RCX save state register that overlaps SMRAM, thereby coercing an IHISI subfunction handler to overwrite p...
Insyde Insydeh2o 05.37.03
Insyde Insydeh2o 05.45.01
Insyde Insydeh2o 05.53.01
NA
CVE-2022-32475
An issue exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. DMA attacks on the VariableRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This issue w...
Insyde Insydeh2o
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »