CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. It is possible to write to an attacker-controlled address. An attacker could invoke an SMI handler with a malformed pointer in RCX that overlaps SMRAM, resulting in SMM memory corruption...

8.8CVSS6.8AI score0.00125EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 3:15 a.m.•4 views

CVE-2023-22612

An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. A malicious host OS can invoke an Insyde SMI handler with malformed arguments, resulting in memory corruption in SMM...

8.8CVSS7AI score0.00276EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 10:57 p.m.•6 views

CVE-2022-32471

An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. The IhisiDxe driver uses the command buffer to pass input and output data. By modifying the command buffer contents with DMA after the input parameters have been checked but before they are used, the IHISI SMM co...

7CVSS7.7AI score0.00069EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 10:1 p.m.•3 views

CVE-2022-30773

DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used a TOCTOU attack. DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been...

6.4CVSS6.9AI score0.00093EPSS

Exploits0References1

Tenable Nessus•added 2023/09/26 12:0 a.m.•18 views

Siemens InsydeH2O Out-of-bounds Write (CVE-2023-22613)

8.8CVSS8AI score0.00125EPSS

Exploits0References4

BDU FSTEC•added 2023/05/24 12:0 a.m.•2 views

The vulnerability of the IhisiSmm component of the InsydeH2O UEFI firmware creation framework allows a hacker to execute arbitrary code.

The vulnerability of the IhisiSmm component in the InsydeH2O UEFI firmware creation framework is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code...

8.1CVSS8.3AI score0.00276EPSS

Exploits0References5Affected Software1

BDU FSTEC•added 2023/04/22 12:0 a.m.•1 views

The vulnerability of the IhisiSmm component of the InsydeH2O UEFI firmware creation framework allows a hacker to induce a service failure.

The vulnerability of the IhisiSmm component in the InsydeH2O UEFI firmware creation framework is related to state management errors. Exploiting this vulnerability could allow a remote attacker to cause system failures...

6.4CVSS7.5AI score0.0024EPSS

Exploits0References4Affected Software1

NVD•added 2023/04/12 1:15 p.m.•13 views

CVE-2022-24350

An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. IHISI function 0x17 verifies that the output buffer lies within the command buffer but does not verify that output data does not go beyond the end of the command buffer. In particular, the GetFlashTable function ...

5.5CVSS6.6AI score0.00073EPSS

Exploits0References2

OSV•added 2023/04/12 1:15 p.m.•3 views

CVE-2022-24350

5.5CVSS6AI score

Exploits0References2

NVD•added 2023/04/12 1:15 p.m.•7 views

CVE-2023-22616

An issue was discovered in Insyde InsydeH2O with kernel 5.2 through 5.5. The Save State register is not checked before use. The IhisiSmm driver does not check the value of a save state register before use. Due to insufficient input validation, an attacker can corrupt SMRAM...

7.8CVSS7.4AI score0.00166EPSS

Exploits1References3

OSV•added 2023/04/12 1:15 p.m.•1 views

CVE-2023-22616

7.8CVSS7.1AI score0.00166EPSS

Exploits1References3