44 matches found
CVE-2024-27353
A memory corruption vulnerability in SdHost and SdMmcDevice in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in SMM...
CVE-2024-27353
A memory corruption vulnerability in SdHost and SdMmcDevice in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in SMM...
CVE-2024-25079
A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in SMM...
CVE-2024-25079
CVE-2024-25079 affects InsydeH2O kernel (Insyde InsydeH2O) with a memory corruption in HddPassword that could lead to SMM privilege escalation. Affected versions and fixed targets per PT-2024-20730/CDS: 5.2 before 05.29.09 → update to 05.29.09 or later; 5.3 before 05.38.09 → update to 05.38.09 or...
CVE-2024-27353
Insyde InsydeH2O kernel vulnerabilities (CVE-2024-27353) involve a memory corruption issue in SdHost and SdMmcDevice that could lead to privilege escalation in SMM. Affected software ranges are Insyde InsydeH2O kernel 5.2 before 05.29.09, 5.3 before 05.38.09, 5.4 before 05.46.09, 5.5 before 05.54...
CVE-2024-25078
A memory corruption vulnerability in StorageSecurityCommandDxe in Insyde InsydeH2O before kernel 5.2: IB19130163 in 05.29.07, kernel 5.3: IB19130163 in 05.38.07, kernel 5.4: IB19130163 in 05.46.07, kernel 5.5: IB19130163 in 05.54.07, and kernel 5.6: IB19130163 in 05.61.07 could lead to escalating...
CVE-2024-25078
Insyde InsydeH2O contains a memory corruption vulnerability in StorageSecurityCommandDxe that could lead to privilege escalation in SMM. Affected: Insyde InsydeH2O before kernel 5.2 (fix IB19130163 in 05.29.07), before kernel 5.3 (fix in 05.38.07), before kernel 5.4 (fix in 05.46.07), before kern...
Siemens InsydeH2O Out-of-bounds Write (CVE-2021-43615)
An issue was discovered in HddPassword in Insyde InsydeH2O with kernel 5.1 before 05.16.23, 5.2 before 05.26.23, 5.3 before 05.35.23, 5.4 before 05.43.22, and 5.5 before 05.51.22. An SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting thi...
Siemens InsydeH2O Out-of-bounds Write (CVE-2021-43522)
An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 2021-11-08, 5.2 through 2021-11-08, and 5.3 through 2021-11-08. A StorageSecurityCommandDxe SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to...
Siemens InsydeH2O Out-of-bounds Write (CVE-2022-24031)
An issue was discovered in NvmExpressDxe in Insyde InsydeH2O with kernel 5.1 through 5.5. An SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. Insyde BIOS is typically used in...
Why Ransomware in Education on the Rise and What That Means for 2023
The breach of LA Unified School District LAUSD highlights the prevalence of password vulnerabilities, as criminal hackers continue to use breached credentials in increasingly frequent ransomware attacks on education. The Labor Day weekend breach of LAUSD brought significant districtwide disruptio...
CVE-2022-35893
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM memory corruption vulnerability in the FvbServicesRuntimeDxe driver allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM...
Memory corruption
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM memory corruption vulnerability in the FvbServicesRuntimeDxe driver allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM...
CVE-2022-35893
The CVE-2022-35893 issue affects Insyde InsydeH2O (kernel 5.0–5.5). A memory corruption fault in the FvbServicesRuntimeDxe driver permits writes to SMRAM, enabling escalation to SMM. Public details indicate the vulnerability resides in InsydeH2O and is associated with SMM memory corruption, with ...
CVE-2022-35893
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM memory corruption vulnerability in the FvbServicesRuntimeDxe driver allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM...
CVE-2021-41837
An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. Because of an Untrusted Pointer Dereference that causes SMM memory corruption, an attacker may be able to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to...
CVE-2021-41839
An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. Because of an Untrusted Pointer Dereference that causes SMM memory corruption, an attacker may be able to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges...
CVE-2021-42554
An issue was discovered in Insyde InsydeH2O with Kernel 5.0 before 05.08.42, Kernel 5.1 before 05.16.42, Kernel 5.2 before 05.26.42, Kernel 5.3 before 05.35.42, Kernel 5.4 before 05.42.51, and Kernel 5.5 before 05.50.51. An SMM memory corruption vulnerability in FvbServicesRuntimeDxe allows a...
CVE-2022-24031
An issue was discovered in NvmExpressDxe in Insyde InsydeH2O with kernel 5.1 through 5.5. An SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM...
Memory corruption
An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 through 5.5. An SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM...