Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
insyde kernel 5.1 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2022-30283
In UsbCoreDxe, tampering with the contents of the USB working buffer using DMA while certain USB transactions are in process leads to a TOCTOU problem that could be used by an malicious user to cause SMRAM corruption and escalation of privileges The UsbCoreDxe module creates a wo...
Insyde Kernel
7.5
CVSSv3
CVE-2022-24030
An issue exists in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 up to and including 5.5. An SMM memory corruption vulnerability allows an malicious user to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
Insyde Insydeh2o
7.5
CVSSv3
CVE-2021-43522
An issue exists in Insyde InsydeH2O with kernel 5.1 through 2021-11-08, 5.2 through 2021-11-08, and 5.3 through 2021-11-08. A StorageSecurityCommandDxe SMM memory corruption vulnerability allows an malicious user to write fixed or predictable data to SMRAM. Exploiting this issue ...
Insyde Insydeh2o
7.5
CVSSv3
CVE-2020-5956
An issue exists in SdLegacySmm in Insyde InsydeH2O with kernel 5.1 prior to 05.15.11, 5.2 prior to 05.25.11, 5.3 prior to 05.34.11, and 5.4 prior to 05.42.11. The software SMI handler allows untrusted external input because it does not verify CommBuffer.
Insyde Insydeh2o
7
CVSSv3
CVE-2022-32954
An issue exists in Insyde InsydeH2O with kernel 5.1 up to and including 5.5. DMA attacks on the SdMmcDevice buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigat...
Insyde Insydeh2o
6.7
CVSSv3
CVE-2021-42059
An issue exists in Insyde InsydeH2O Kernel 5.0 prior to 05.08.41, Kernel 5.1 prior to 05.16.41, Kernel 5.2 prior to 05.26.41, Kernel 5.3 prior to 05.35.41, and Kernel 5.4 prior to 05.42.20. A stack-based buffer overflow leads toarbitrary code execution in UEFI DisplayTypeDxe DXE ...
Insyde Insydeh2o
Siemens Simatic Field Pg M5 Firmware
Siemens Simatic Field Pg M6 Firmware
Siemens Simatic Ipc127e Firmware
Siemens Simatic Ipc227g Firmware
Siemens Simatic Ipc277g Firmware
Siemens Simatic Ipc327g Firmware
Siemens Simatic Ipc377g Firmware
Siemens Simatic Ipc427e Firmware
Siemens Simatic Ipc477e Firmware
Siemens Simatic Ipc627e Firmware
Siemens Simatic Ipc647e Firmware
Siemens Simatic Ipc677e Firmware
Siemens Simatic Ipc847e Firmware
Siemens Simatic Itp1000 Firmware
6.7
CVSSv3
CVE-2020-27339
In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdH...
Insyde Insydeh2o
Siemens Ruggedcom Apr1808 Firmware -
Siemens Simatic Field Pg M5 Firmware -
Siemens Simatic Field Pg M6 Firmware -
Siemens Simatic Ipc127e Firmware -
Siemens Simatic Ipc227g Firmware -
Siemens Simatic Ipc277g Firmware -
Siemens Simatic Ipc327g Firmware -
Siemens Simatic Ipc377g Firmware -
Siemens Simatic Ipc427e Firmware -
Siemens Simatic Ipc477e Firmware -
Siemens Simatic Ipc477e Pro Firmware -
Siemens Simatic Ipc627e Firmware -
Siemens Simatic Ipc647e Firmware -
Siemens Simatic Ipc677e Firmware -
Siemens Simatic Ipc847e Firmware -
Siemens Simatic Itp1000 Firmware -
5.5
CVSSv3
CVE-2023-27471
An issue exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. UEFI implementations do not correctly protect and validate information contained in the 'MeSetup' UEFI variable. On some systems, this variable can be overwritten using operating system APIs. E...
Insyde Insydeh2o 5.0
Insyde Insydeh2o 5.1
Insyde Insydeh2o 5.2
Insyde Insydeh2o 5.3
Insyde Insydeh2o 5.4
Insyde Insydeh2o 5.5
5.5
CVSSv3
CVE-2023-27373
An issue exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. Due to insufficient input validation, an attacker can tamper with a runtime-accessible EFI variable to cause a dynamic BAR setting to overlap SMRAM.
Insyde Insydeh2o 5.0
Insyde Insydeh2o 5.1
Insyde Insydeh2o 5.2
Insyde Insydeh2o 5.3
Insyde Insydeh2o 5.4
Insyde Insydeh2o 5.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3