Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003679)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003679 advisory. A flaw was found in the Linux kernel's freescale hypervisor manager implementation, kernel versions 5.0.x up to, excluding 5.0.17. A parameter passed to an ioctl was...

CVE-2021-41838

An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of a Numeric Range Comparison Without a Minimum Check...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000325)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000325 advisory. An issue was discovered in the Linux kernel before 5.0. The function mdiobusregister in drivers/net/phy/mdiobus.c calls putdevice, which will trigger a...

EUVD-2021-28841

Malicious code in bioql PyPI...

EUVD-2022-39157

Malicious code in bioql PyPI...

CVE-2023-31041

An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. System password information could optionally be stored in cleartext, which might lead to possible information disclosure...

CVE-2022-36448

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. There is an SMM memory corruption vulnerability in the Software SMI handler in the PnpSmm driver...

CVE-2023-47252

An issue was discovered in PnpSmm in Insyde InsydeH2O with kernel 5.0 through 5.6. There is a possible out-of-bounds access in the SMM communication buffer, leading to tampering. The PNP-related SMI sub-functions do not verify data size before getting it from the communication buffer, which could...

CVE-2023-47252

An issue was discovered in PnpSmm in Insyde InsydeH2O with kernel 5.0 through 5.6. There is a possible out-of-bounds access in the SMM communication buffer, leading to tampering. The PNP-related SMI sub-functions do not verify data size before getting it from the communication buffer, which could...

CVE-2022-46897

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The CapsuleIFWUSmm driver does not check the return value from a method or function. This can prevent it from detecting unexpected states and conditions...

CVE-2022-46897

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The CapsuleIFWUSmm driver does not check the return value from a method or function. This can prevent it from detecting unexpected states and conditions...

CVE-2022-46897

An issue in InsydeInsydeH2O (kernel 5.0–5.5) affects the CapsuleIFWUSmm driver, which does not check the return value from a method or function, potentially preventing detection of unexpected states. Affected component: CapsuleIFWUSmm driver in InsydeH2O. Impact: local conditions/state misdetecti...

CVE-2022-46897

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The CapsuleIFWUSmm driver does not check the return value from a method or function. This can prevent it from detecting unexpected states and conditions...

Memory corruption

An SMM memory corruption vulnerability in the SMM driver SMRAM write in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to send arbitrary data to SMM which could lead to privilege escalation...

Design/Logic Flaw

An issue was discovered in IhisiServicesSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There are arbitrary calls to SetVariable with unsanitized arguments in the SMI handler...

CVE-2023-39284

An issue was discovered in IhisiServicesSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There are arbitrary calls to SetVariable with unsanitized arguments in the SMI handler...

CVE-2023-39284

An issue was discovered in IhisiServicesSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There are arbitrary calls to SetVariable with unsanitized arguments in the SMI handler...

CVE-2023-39283

An SMM memory corruption vulnerability in the SMM driver SMRAM write in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to send arbitrary data to SMM which could lead to privilege escalation...

CVE-2023-39284

CVE-2023-39284 affects Insyde InsydeH2O kernel 5.0–5.5 via IhisiServicesSmm, where arbitrary SetVariable calls in the SMI handler can pass attacker-controlled parameters. Root cause: unsanitized arguments in SMI SetVariable handling, enabling modification of protected NVRAM variables from Ring0 (...

Stack overflow

A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase...