Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
insyde kernel 5.5 vulnerabilities and exploits
(subscribe to this query)
7
CVSSv3
CVE-2022-32475
An issue exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. DMA attacks on the VariableRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This issue w...
Insyde Insydeh2o
6
CVSSv3
CVE-2022-35894
An issue exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. The SMI handler for the FwBlockServiceSmm driver uses an untrusted pointer as the location to copy data to an attacker-specified buffer, leading to information disclosure.
Insyde Insydeh2o
8.2
CVSSv3
CVE-2022-35895
An issue exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. The FwBlockSericceSmm driver does not properly validate input parameters for a software SMI routine, leading to memory corruption of arbitrary addresses including SMRAM, and possible arbitrary code execu...
Insyde Insydeh2o
8.2
CVSSv3
CVE-2022-35893
An issue exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. An SMM memory corruption vulnerability in the FvbServicesRuntimeDxe driver allows an malicious user to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges ...
Insyde Insydeh2o
9.8
CVSSv3
CVE-2021-41842
An issue exists in AtaLegacySmm in the kernel 5.0 prior to 05.08.46, 5.1 prior to 05.16.46, 5.2 prior to 05.26.46, 5.3 prior to 05.35.46, 5.4 prior to 05.43.46, and 5.5 prior to 05.51.45 in Insyde InsydeH2O. Code execution can occur because the SMI handler lacks a CommBuffer chec...
Insyde Insydeh2o
6
CVSSv3
CVE-2022-35896
An issue SMM memory leak vulnerability in SMM driver (SMRAM exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. An attacker can dump SMRAM contents via the software SMI provided by the FvbServicesRuntimeDxe driver to read the contents of SMRAM, leading to informat...
Insyde Insydeh2o
7.8
CVSSv3
CVE-2023-22616
An issue exists in Insyde InsydeH2O with kernel 5.2 up to and including 5.5. The Save State register is not checked before use. The IhisiSmm driver does not check the value of a save state register before use. Due to insufficient input validation, an attacker can corrupt SMRAM.
Insyde Insydeh2o
8.2
CVSSv3
CVE-2022-36338
An issue exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. An SMM callout vulnerability in the SMM driver FwBlockServiceSmm, creating SMM, leads to arbitrary code execution. An attacker can replace the pointer to the UEFI boot service GetVariable with a pointer ...
Insyde Insydeh2o
8.2
CVSSv3
CVE-2022-24031
An issue exists in NvmExpressDxe in Insyde InsydeH2O with kernel 5.1 up to and including 5.5. An SMM memory corruption vulnerability allows an malicious user to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
Insyde Insydeh2o
7.5
CVSSv3
CVE-2022-24030
An issue exists in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 up to and including 5.5. An SMM memory corruption vulnerability allows an malicious user to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
Insyde Insydeh2o
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »