22 matches found
Insyde BIOS SMM Memory Corruption Security Update
A potential security vulnerability has been identified in certain HP PC products using Insyde BIOS InsydeH20 UEFI Firmware, which might allow arbitrary code execution. Insyde has released mitigation for the potential vulnerability. HP has identified affected platforms and corresponding SoftPaqs...
Insyde BIOS Buffer Overflow in certain HP ARM-Based PCs
A potential security vulnerability has been identified in certain ARM-based HP PC products using Insyde BIOS InsydeH20 UEFI Firmware, which might allow arbitrary code execution. Insyde has released updates to mitigate the potential vulnerabilities. HP has identified affected platforms and...
EUVD-2025-18070
Malicious code in bioql PyPI...
Insyde BIOS Vulnerabilities - Lenovo Support US
No description provided...
CVE-2025-4275
A vulnerability in the digital signature verification process does not properly validate variable attributes which allows an attacker to bypass signature verification by creating a non-authenticated NVRAM variable. An attacker may to execute arbitrary signed UEFI code and bypass Secure Boot...
CVE-2025-4275
A vulnerability in the digital signature verification process does not properly validate variable attributes which allows an attacker to bypass signature verification by creating a non-authenticated NVRAM variable. An attacker may to execute arbitrary signed UEFI code and bypass Secure Boot...
CVE-2025-4275 SecureFlashDxe: Incorrect UEFI variable attributes check allows usage of invalid certificate
A vulnerability in the digital signature verification process does not properly validate variable attributes which allows an attacker to bypass signature verification by creating a non-authenticated NVRAM variable. An attacker may to execute arbitrary signed UEFI code and bypass Secure Boot...
CVE-2025-4275 SecureFlashDxe: Incorrect UEFI variable attributes check allows usage of invalid certificate
A vulnerability in the digital signature verification process does not properly validate variable attributes which allows an attacker to bypass signature verification by creating a non-authenticated NVRAM variable. An attacker may to execute arbitrary signed UEFI code and bypass Secure Boot...
CVE-2025-4275
CVE-2025-4275 affects InsydeH2O UEFI firmware/applications. Root cause: unsafe handling of an NVRAM variable used to store signing certificates, enabling a attacker to inject their own certificate and bypass Secure Boot. Impact: execution of unsigned or malicious UEFI code before OS load, potenti...
Insyde InsydeH2O kernel 安全漏洞
Insyde InsydeH2O kernel is a program kernel for updating computer BIOS from Insyde, a Chinese company. A security vulnerability exists in Insyde InsydeH2O kernel versions prior to 5.7 05.70.50, which is caused by a buffer over-read...
Certain HP PC BIOS Logo Vulnerabilities
Potential security vulnerabilities, known as LogoFAIL, have been reported in the AMI BIOS and the Insyde BIOS used in certain HP PC products, which might allow escalation of privilege, arbitrary code execution, denial of service, information disclosure, and/or data tampering. AMI and Insyde are...
Insyde BIOS June 2024 EDK II Reference Vulnerabilities
Potential EDK II reference code vulnerabilities have been identified in certain HP PC products using Insyde BIOS Insyde H20 UEFI Firmware, which might allow arbitrary code execution. Inysde has released updates to mitigate the potential vulnerabilities. Insyde has released updates to mitigate the...
Siemens InsydeH2O Out-of-bounds Write (CVE-2023-22613)
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. It is possible to write to an attacker-controlled address. An attacker could invoke an SMI handler with a malformed pointer in RCX that overlaps SMRAM, resulting in SMM memory corruption. Insyde BIOS is typically...
Siemens InsydeH2O Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2021-41838)
An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of a Numeric Range Comparison Without a Minimum Check. Insyde BIOS is...
Siemens RUGGEDCOM APE1808 Products
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Insyde BIOS Vulnerabilities - Lenovo Support US
No description provided...
K45810018: Multiple Insyde BIOS/EFI vulnerabilities
Security Advisory Description CVE-2020-5953 A vulnerability exists in System Management Interrupt SWSMI handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT EFIRUNTIMESERVICES pointer to call a GetVariable service, which is located outside of SMRAM. This can resu...
Multiple Vendor BIOS Keyboard Buffer Password Persistence Weakness (1)
No description provided by source. source: http://www.securityfocus.com/bid/15751/info Multiple vendors fail to clear the BIOS Basic Input-Output System keyboard buffer after reading the preboot authentication password during the system startup process. Depending on the operating system running o...
Multiple Vendor BIOS - Keyboard Buffer Password Persistence (1)
source: https://www.securityfocus.com/bid/15751/info Multiple vendors fail to clear the BIOS Basic Input-Output System keyboard buffer after reading the preboot authentication password during the system startup process. Depending on the operating system running on affected computers, the memory...
Multiple Vendor BIOS - Keyboard Buffer Password Persistence (2)
// source: https://www.securityfocus.com/bid/15751/info Multiple vendors fail to clear the BIOS Basic Input-Output System keyboard buffer after reading the preboot authentication password during the system startup process. Depending on the operating system running on affected computers, the memor...