Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
insyde insydeh2o vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-32478
An issue exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. DMA attacks on the IdeBusDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mi...
Insyde Insydeh2o
NA
CVE-2022-32955
An issue exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. DMA attacks on the NvmExpressDxe buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitig...
Insyde Insydeh2o
NA
CVE-2022-36448
An issue exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. There is an SMM memory corruption vulnerability in the Software SMI handler in the PnpSmm driver.
Insyde Insydeh2o
NA
CVE-2023-40238
A LogoFAIL issue exists in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 prior to 05.28.47, 5.3 prior to 05.37.47, 5.4 prior to 05.45.47, 5.5 prior to 05.53.47, and 5.6 prior to 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a sp...
Insyde Insydeh2o
NA
CVE-2022-35893
An issue exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. An SMM memory corruption vulnerability in the FvbServicesRuntimeDxe driver allows an malicious user to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges ...
Insyde Insydeh2o
NA
CVE-2022-35895
An issue exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. The FwBlockSericceSmm driver does not properly validate input parameters for a software SMI routine, leading to memory corruption of arbitrary addresses including SMRAM, and possible arbitrary code execu...
Insyde Insydeh2o
NA
CVE-2022-35896
An issue SMM memory leak vulnerability in SMM driver (SMRAM exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. An attacker can dump SMRAM contents via the software SMI provided by the FvbServicesRuntimeDxe driver to read the contents of SMRAM, leading to informat...
Insyde Insydeh2o
NA
CVE-2023-34195
An issue exists in SystemFirmwareManagementRuntimeDxe in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. The implementation of the GetImage method retrieves the value of a runtime variable named GetImageProgress, and later uses this value as a function pointer. This var...
Insyde Insydeh2o
641
VMScore
CVE-2021-43615
An issue exists in HddPassword in Insyde InsydeH2O with kernel 5.1 prior to 05.16.23, 5.2 prior to 05.26.23, 5.3 prior to 05.35.23, 5.4 prior to 05.43.22, and 5.5 prior to 05.51.22. An SMM memory corruption vulnerability allows an malicious user to write fixed or predictable data...
Insyde Insydeh2o
NA
CVE-2022-24351
TOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5.2 before version 05.27.29, Kernel 5.3 before version 05.36.29, Kernel 5.4 version prior to 05.44.13, and Kernel 5.5 before version 05.52.13 allows an malicious user to alter data and code used by the remainder ...
Insyde Insydeh2o
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »