EUVD-2020-27107

Malware in sbrugna...

EUVD-2023-38294

Malicious code in bioql PyPI...

CVE-2023-28149

An issue was discovered in the IhisiServiceSmm module in Insyde InsydeH2O with kernel 5.2 before 05.28.42, 5.3 before 05.37.42, 5.4 before 05.45.39, 5.5 before 05.53.39, and 5.6 before 05.60.39 that could allow an attacker to modify UEFI variables...

CVE-2022-32471

An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. The IhisiDxe driver uses the command buffer to pass input and output data. By modifying the command buffer contents with DMA after the input parameters have been checked but before they are used, the IHISI SMM co...

Insyde InsydeH2O 安全漏洞

Insyde InsydeH2O is a new EFI/UEFI specification from Insyde China. It is intended to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O versions 5.2 through 5.7, which stems from a DXE memory corruption that could lead to arbitrary code...

CVE-2023-39283

An SMM memory corruption vulnerability in the SMM driver SMRAM write in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to send arbitrary data to SMM which could lead to privilege escalation...

The vulnerability of the SysPasswordDxe component in the InsydeH2O UEFI firmware creation framework allows a hacker to access confidential information.

The vulnerability of the SysPasswordDxe component in the InsydeH2O UEFI firmware creation framework is related to the unencrypted storage of credentials. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to confidential information...

CVE-2023-28468

An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS...

The vulnerability of the IhisiSmm component of the InsydeH2O UEFI firmware creation framework allows a hacker to execute arbitrary code.

The vulnerability of the IhisiSmm component in the InsydeH2O UEFI firmware creation framework is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code...

PT-2022-21946 · Insyde · Insydeh2O Uefi Firmware

Name of the Vulnerable Software and Affected Versions: InsydeH2O UEFI firmware kernel versions prior to 5.2: 05.27.25 InsydeH2O UEFI firmware kernel versions prior to 5.3: 05.36.25 InsydeH2O UEFI firmware kernel versions prior to 5.4: 05.44.25 InsydeH2O UEFI firmware kernel versions prior to 5.5:...

PT-2022-21899 · Insyde · Insydeh2O Uefi Firmware

Name of the Vulnerable Software and Affected Versions: InsydeH2O UEFI firmware kernel versions prior to 5.2: 05.27.25 InsydeH2O UEFI firmware kernel versions prior to 5.3: 05.36.25 InsydeH2O UEFI firmware kernel versions prior to 5.4: 05.44.25 Description: DMA transactions targeted at input buffe...

PT-2022-21898 · Insyde · Insydeh2O Uefi Firmware

Name of the Vulnerable Software and Affected Versions: InsydeH2O UEFI firmware kernel versions prior to 5.2: 05.27.23 InsydeH2O UEFI firmware kernel versions prior to 5.3: 05.36.23 InsydeH2O UEFI firmware kernel versions prior to 5.4: 05.44.23 InsydeH2O UEFI firmware kernel versions prior to 5.5:...

PT-2022-21948 · Insyde · Insydeh2O Uefi Firmware

Name of the Vulnerable Software and Affected Versions: InsydeH2O UEFI firmware Kernel versions prior to 5.4: 05.44.23 InsydeH2O UEFI firmware Kernel versions prior to 5.5: 05.52.23 Description: The issue concerns DMA attacks on the parameter buffer used by the VariableRuntimeDxe software SMI...

BSA-2022-1763

Security Advisory ID : BSA-2022-1763 Component : InsydeH2O firmware framework code Revision : 1.0 Brocade has become aware ofseveral 23 memory management vulnerabilities that were disclosed by Binarly.Insyde's H2O UEFI firmware contains several 23 high-impact vulnerabilities.These vulnerabilities...

The vulnerability of the FvbServicesRuntimeDxe component in the InsydeH2O UEFI firmware creation framework allows a attacker to escalate their privileges.

The vulnerability of the FvbServicesRuntimeDxe component in the InsydeH2O UEFI firmware creation framework is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to increase their privileges remotely...

CVE-2021-43615

An issue was discovered in HddPassword in Insyde InsydeH2O with kernel 5.1 before 05.16.23, 5.2 before 05.26.23, 5.3 before 05.35.23, 5.4 before 05.43.22, and 5.5 before 05.51.22. An SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting thi...

CVE-2020-5953

A vulnerability exists in System Management Interrupt SWSMI handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT EFIRUNTIMESERVICES pointer to call a GetVariable service, which is located outside of SMRAM. This can result in code execution in SMM escalating...

CVE-2021-43522

An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 2021-11-08, 5.2 through 2021-11-08, and 5.3 through 2021-11-08. A StorageSecurityCommandDxe SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to...

Insyde InsydeH2O 缓冲区错误漏洞

Insyde InsydeH2O is a C source from Insyde Software Taiwan, China that implements the new technology "EFI/UEFI" specification, designed to replace the traditional BIOS Basic Input/Output System. Operating System H2O UEFI firmware is vulnerable to permission and access control issues, which can be...

Insyde InsydeH2O 安全漏洞

Insyde InsydeH2O is a C source from Insyde Software Taiwan, China that implements the new technology "EFI/UEFI" specification, designed to replace the traditional BIOS Basic Input/Output System. Operating System H2O UEFI firmware has a security vulnerability that could be exploited to elevate...