Lucene search
K

406 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:7 p.m.9 views

CVE-2021-33625

An issue was discovered in Kernel 5.x in Insyde InsydeH2O, affecting HddPassword. Software SMI services that use the Communicate function of the EFISMMCOMMUNICATIONPROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses...

7.5CVSS7AI score0.00314EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 5:42 p.m.6 views

CVE-2020-5955

An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O before 2021-10-14 on Intel client chipsets. A caller may be able to escalate privileges...

9.8CVSS6.9AI score0.01368EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:25 p.m.14 views

CVE-2020-27339

In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and...

7.2CVSS6.8AI score0.00317EPSS
Exploits0
CNNVD
CNNVD
added 2025/05/15 12:0 a.m.4 views

Insyde InsydeH2O kernel 安全漏洞

Insyde InsydeH2O kernel is a program kernel for updating computer BIOS from Insyde, a Chinese company. A security vulnerability exists in Insyde InsydeH2O kernel versions prior to 5.7 05.70.50, which is caused by a buffer over-read...

7.5CVSS6.8AI score0.004EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/15 12:0 a.m.7 views

CVE-2024-52877

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver,...

7AI score0.004EPSS
Exploits0References2
CVE
CVE
added 2025/05/15 12:0 a.m.37 views

CVE-2024-52880

The connected PT-2025-17633 entry provides concrete fixes for Insyde InsydeH2O kernel vulnerabilities: affected kernel versions are 5.2–05.29.49, 5.3–05.38.49, 5.4–05.46.49, 5.5–05.54.49, 5.6–05.61.49, and 5.7–05.70.49. The root cause is that the SecureBootHandler in the VariableRuntimeDxe driver...

7.9CVSS7AI score0.00158EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2025/05/15 12:0 a.m.5 views

Insyde InsydeH2O kernel 安全漏洞

Insyde InsydeH2O kernel is a program kernel for updating computer BIOS from Insyde, a Chinese company. A security vulnerability exists in Insyde InsydeH2O kernel versions prior to 5.7 05.70.50, which is caused by a buffer over-read...

7.5CVSS6.8AI score0.004EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/23 12:0 a.m.6 views

PT-2025-17631 · Insyde · Insydeh2O

Name of the Vulnerable Software and Affected Versions: Insyde InsydeH2O kernel versions 5.2 through 05.29.49 Insyde InsydeH2O kernel versions 5.3 through 05.38.49 Insyde InsydeH2O kernel versions 5.4 through 05.46.49 Insyde InsydeH2O kernel versions 5.5 through 05.54.49 Insyde InsydeH2O kernel...

7.5CVSS6.5AI score0.004EPSS
Exploits0References10
OSV
OSV
added 2025/04/15 10:15 p.m.3 views

CVE-2024-49200

An issue was discovered in AcpiS3SaveDxe and ChipsetSvcDxe in Insyde InsydeH2O with kernel 5.2 though 5.7. A potential DXE memory corruption vulnerability has been identified. The root cause is use of a pointer originating from the value of an NVRAM variable as the target of a write operation. Th...

6.4CVSS5.9AI score0.00385EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/14 3:43 a.m.8 views

CVE-2024-33228

An issue in the component segwindrvx64.sys of Insyde Software Corp SEG Windows Driver v100.00.07.02 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests...

8.4CVSS7.9AI score0.00272EPSS
Exploits0References1
NVD
NVD
added 2024/11/14 10:15 p.m.27 views

CVE-2024-39707

Insyde IHISI function 0x49 can restore factory defaults for certain UEFI variables without further authentication by default, which could lead to a possible roll-back attack in certain platforms. This is fixed in: kernel 5.2, version 05.29.19; kernel 5.3, version 05.38.19; kernel 5.4, version...

5.3CVSS0.00168EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/14 12:0 a.m.5 views

Insyde InsydeH2O 安全漏洞

Insyde InsydeH2O is a new EFI/UEFI specification from Insyde China. It is intended to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O, which stems from a 0x49 function that can restore the factory default settings of certain UEFI variabl...

5.3CVSS6.6AI score0.00168EPSS
Exploits0References1
CVE
CVE
added 2024/11/14 12:0 a.m.47 views

CVE-2024-39707

Insyde IHISI function 0x49 can restore the factory defaults of certain UEFI variables without authentication, enabling a potential roll-back attack on specific platforms. Affected stack: Insyde IHISI (on affected platforms) with kernel versions prior to 5.2/05.29.19, prior to 5.3/05.38.19, prior ...

5.3CVSS7.1AI score0.00168EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/14 12:0 a.m.20 views

CVE-2024-39707

Insyde IHISI function 0x49 can restore factory defaults for certain UEFI variables without further authentication by default, which could lead to a possible roll-back attack in certain platforms. This is fixed in: kernel 5.2, version 05.29.19; kernel 5.3, version 05.38.19; kernel 5.4, version...

7.1AI score0.00168EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/14 12:0 a.m.17 views

CVE-2024-39707

Insyde IHISI function 0x49 can restore factory defaults for certain UEFI variables without further authentication by default, which could lead to a possible roll-back attack in certain platforms. This is fixed in: kernel 5.2, version 05.29.19; kernel 5.3, version 05.38.19; kernel 5.4, version...

0.00168EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/11/14 12:0 a.m.5 views

PT-2024-28644 · Insyde · Insyde Ihisi

Name of the Vulnerable Software and Affected Versions: Insyde IHISI versions prior to kernel 5.2 version 05.29.19 Insyde IHISI versions prior to kernel 5.3 version 05.38.19 Insyde IHISI versions prior to kernel 5.4 version 05.46.19 Insyde IHISI versions prior to kernel 5.5 version 05.54.19 Insyde...

5.3CVSS7.4AI score0.00168EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/07/31 12:0 a.m.22 views

CVE-2023-28149

An issue was discovered in the IhisiServiceSmm module in Insyde InsydeH2O with kernel 5.2 before 05.28.42, 5.3 before 05.37.42, 5.4 before 05.45.39, 5.5 before 05.53.39, and 5.6 before 05.60.39 that could allow an attacker to modify UEFI variables...

0.00132EPSS
Exploits0References1
CVE
CVE
added 2024/07/31 12:0 a.m.57 views

CVE-2023-28149

The CVE-2023-28149 issue affects the IhisiServiceSmm module in Insyde InsydeH2O. Affected kernel series include 5.2 prior to 05.28.42, 5.3 prior to 05.37.42, 5.4 prior to 05.45.39, 5.5 prior to 05.53.39, and 5.6 prior to 05.60.39. The vulnerability could allow an attacker to modify UEFI variables...

6.1CVSS6.5AI score0.00132EPSS
Exploits0References1
Hewlett-Packard
Hewlett-Packard
added 2024/06/28 12:0 a.m.28 views

Certain HP PC BIOS Logo Vulnerabilities

Potential security vulnerabilities, known as LogoFAIL, have been reported in the AMI BIOS and the Insyde BIOS used in certain HP PC products, which might allow escalation of privilege, arbitrary code execution, denial of service, information disclosure, and/or data tampering. AMI and Insyde are...

7.8CVSS7.8AI score0.01858EPSS
Exploits1Affected Software450
Hewlett-Packard
Hewlett-Packard
added 2024/06/18 12:0 a.m.31 views

Insyde BIOS June 2024 EDK II Reference Vulnerabilities

Potential EDK II reference code vulnerabilities have been identified in certain HP PC products using Insyde BIOS Insyde H20 UEFI Firmware, which might allow arbitrary code execution. Inysde has released updates to mitigate the potential vulnerabilities. Insyde has released updates to mitigate the...

7.8CVSS8.2AI score0.00288EPSS
Exploits0Affected Software312
Rows per page
Query Builder