406 matches found
CVE-2021-33625
An issue was discovered in Kernel 5.x in Insyde InsydeH2O, affecting HddPassword. Software SMI services that use the Communicate function of the EFISMMCOMMUNICATIONPROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses...
CVE-2020-5955
An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O before 2021-10-14 on Intel client chipsets. A caller may be able to escalate privileges...
CVE-2020-27339
In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and...
Insyde InsydeH2O kernel 安全漏洞
Insyde InsydeH2O kernel is a program kernel for updating computer BIOS from Insyde, a Chinese company. A security vulnerability exists in Insyde InsydeH2O kernel versions prior to 5.7 05.70.50, which is caused by a buffer over-read...
CVE-2024-52877
An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver,...
CVE-2024-52880
The connected PT-2025-17633 entry provides concrete fixes for Insyde InsydeH2O kernel vulnerabilities: affected kernel versions are 5.2–05.29.49, 5.3–05.38.49, 5.4–05.46.49, 5.5–05.54.49, 5.6–05.61.49, and 5.7–05.70.49. The root cause is that the SecureBootHandler in the VariableRuntimeDxe driver...
Insyde InsydeH2O kernel 安全漏洞
Insyde InsydeH2O kernel is a program kernel for updating computer BIOS from Insyde, a Chinese company. A security vulnerability exists in Insyde InsydeH2O kernel versions prior to 5.7 05.70.50, which is caused by a buffer over-read...
PT-2025-17631 · Insyde · Insydeh2O
Name of the Vulnerable Software and Affected Versions: Insyde InsydeH2O kernel versions 5.2 through 05.29.49 Insyde InsydeH2O kernel versions 5.3 through 05.38.49 Insyde InsydeH2O kernel versions 5.4 through 05.46.49 Insyde InsydeH2O kernel versions 5.5 through 05.54.49 Insyde InsydeH2O kernel...
CVE-2024-49200
An issue was discovered in AcpiS3SaveDxe and ChipsetSvcDxe in Insyde InsydeH2O with kernel 5.2 though 5.7. A potential DXE memory corruption vulnerability has been identified. The root cause is use of a pointer originating from the value of an NVRAM variable as the target of a write operation. Th...
CVE-2024-33228
An issue in the component segwindrvx64.sys of Insyde Software Corp SEG Windows Driver v100.00.07.02 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests...
CVE-2024-39707
Insyde IHISI function 0x49 can restore factory defaults for certain UEFI variables without further authentication by default, which could lead to a possible roll-back attack in certain platforms. This is fixed in: kernel 5.2, version 05.29.19; kernel 5.3, version 05.38.19; kernel 5.4, version...
Insyde InsydeH2O 安全漏洞
Insyde InsydeH2O is a new EFI/UEFI specification from Insyde China. It is intended to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O, which stems from a 0x49 function that can restore the factory default settings of certain UEFI variabl...
CVE-2024-39707
Insyde IHISI function 0x49 can restore the factory defaults of certain UEFI variables without authentication, enabling a potential roll-back attack on specific platforms. Affected stack: Insyde IHISI (on affected platforms) with kernel versions prior to 5.2/05.29.19, prior to 5.3/05.38.19, prior ...
CVE-2024-39707
Insyde IHISI function 0x49 can restore factory defaults for certain UEFI variables without further authentication by default, which could lead to a possible roll-back attack in certain platforms. This is fixed in: kernel 5.2, version 05.29.19; kernel 5.3, version 05.38.19; kernel 5.4, version...
CVE-2024-39707
Insyde IHISI function 0x49 can restore factory defaults for certain UEFI variables without further authentication by default, which could lead to a possible roll-back attack in certain platforms. This is fixed in: kernel 5.2, version 05.29.19; kernel 5.3, version 05.38.19; kernel 5.4, version...
PT-2024-28644 · Insyde · Insyde Ihisi
Name of the Vulnerable Software and Affected Versions: Insyde IHISI versions prior to kernel 5.2 version 05.29.19 Insyde IHISI versions prior to kernel 5.3 version 05.38.19 Insyde IHISI versions prior to kernel 5.4 version 05.46.19 Insyde IHISI versions prior to kernel 5.5 version 05.54.19 Insyde...
CVE-2023-28149
An issue was discovered in the IhisiServiceSmm module in Insyde InsydeH2O with kernel 5.2 before 05.28.42, 5.3 before 05.37.42, 5.4 before 05.45.39, 5.5 before 05.53.39, and 5.6 before 05.60.39 that could allow an attacker to modify UEFI variables...
CVE-2023-28149
The CVE-2023-28149 issue affects the IhisiServiceSmm module in Insyde InsydeH2O. Affected kernel series include 5.2 prior to 05.28.42, 5.3 prior to 05.37.42, 5.4 prior to 05.45.39, 5.5 prior to 05.53.39, and 5.6 prior to 05.60.39. The vulnerability could allow an attacker to modify UEFI variables...
Certain HP PC BIOS Logo Vulnerabilities
Potential security vulnerabilities, known as LogoFAIL, have been reported in the AMI BIOS and the Insyde BIOS used in certain HP PC products, which might allow escalation of privilege, arbitrary code execution, denial of service, information disclosure, and/or data tampering. AMI and Insyde are...
Insyde BIOS June 2024 EDK II Reference Vulnerabilities
Potential EDK II reference code vulnerabilities have been identified in certain HP PC products using Insyde BIOS Insyde H20 UEFI Firmware, which might allow arbitrary code execution. Inysde has released updates to mitigate the potential vulnerabilities. Insyde has released updates to mitigate the...