142 matches found
CVE-2023-39281
A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase...
CVE-2023-39281
CVE-2023-39281 affects InsydeH2O firmware (AsfSecureBootDxe) with kernel 5.0–5.5. The vulnerability is a stack buffer overflow in AsfSecureBootDxe, enabling arbitrary code execution during the DXE phase. Public sources in the connected documents confirm the affected software/component and the roo...
Design/Logic Flaw
An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5. It can report false TPM PCR values, and thus mask malware activity. Devices use Platform Configuration Registers PCRs to record information about device and software configuration to ensure that the boot...
CVE-2023-30633
An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5. It can report false TPM PCR values, and thus mask malware activity. Devices use Platform Configuration Registers PCRs to record information about device and software configuration to ensure that the boot...
CVE-2023-30633
CVE-2023-30633 affects Insyde InsydeH2O’s TrEEConfigDriver (kernel 5.0–5.5). The issue allows reporting of false TPM PCR values, enabling a device to masquerade as healthy by extending arbitrary data into PCR banks. Impact depends on PCR integrity, potentially masking malware activity; exploit re...
Siemens InsydeH2O Out-of-bounds Write (CVE-2023-22613)
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. It is possible to write to an attacker-controlled address. An attacker could invoke an SMI handler with a malformed pointer in RCX that overlaps SMRAM, resulting in SMM memory corruption. Insyde BIOS is typically...
Siemens InsydeH2O Inclusion of Functionality from Untrusted Control Sphere (CVE-2021-41841)
An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of Inclusion of Functionality from an Untrusted Control Sphere. Insyde BIOS...
Siemens InsydeH2O Time-of-check Time-of-use Race Condition (CVE-2022-32474)
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the StorageSecurityCommandDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigat...
Siemens InsydeH2O Out-of-bounds Write (CVE-2022-35895)
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The FwBlockSericceSmm driver does not properly validate input parameters for a software SMI routine, leading to memory corruption of arbitrary addresses including SMRAM, and possible arbitrary code execution. Insyde BIOS is...
Siemens InsydeH2O Improper Input Validation (CVE-2022-36448)
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. There is an SMM memory corruption vulnerability in the Software SMI handler in the PnpSmm driver. Insyde BIOS is typically used in RUGGEDCOM APE products and some SIMATIC devices. Please refer to the vendor advisory for a...
Siemens InsydeH2O Classic Buffer Overflow (CVE-2022-24350)
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. IHISI function 0x17 verifies that the output buffer lies within the command buffer but does not verify that output data does not go beyond the end of the command buffer. In particular, the GetFlashTable function ...
Siemens InsydeH2O Improper Input Validation (CVE-2023-27373)
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Due to insufficient input validation, an attacker can tamper with a runtime-accessible EFI variable to cause a dynamic BAR setting to overlap SMRAM. Insyde BIOS is typically used in RUGGEDCOM APE products and some SIMATIC...
Siemens InsydeH2O Missing Release of Memory after Effective Lifetime (CVE-2022-35894)
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The SMI handler for the FwBlockServiceSmm driver uses an untrusted pointer as the location to copy data to an attacker- specified buffer, leading to information disclosure. Insyde BIOS is typically used in RUGGEDCOM APE...
Siemens InsydeH2O Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2021-41838)
An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of a Numeric Range Comparison Without a Minimum Check. Insyde BIOS is...
Siemens InsydeH2O Allocation of Resources Without Limits or Throttling (CVE-2021-41840)
An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of Inclusion of Functionality from an Untrusted Control Sphere. Insyde...
Siemens InsydeH2O Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2021-41839)
An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. Because of an Untrusted Pointer Dereference that causes SMM memory corruption, an attacker may be able to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges...
Insyde InsydeH2O Security Breach
Insyde InsydeH2O is a C-language source from Insyde Corporation of Taiwan that implements the new technology "EFI/UEFI" specification, designed to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in the Insyde InsydeH2O kernel versions 5.0 to 5.5, which...
Design/Logic Flaw
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. UEFI implementations do not correctly protect and validate information contained in the 'MeSetup' UEFI variable. On some systems, this variable can be overwritten using operating system APIs. Exploitation of this vulnerabili...
CVE-2023-27471
CVE-2023-27471 affects Insyde InsydeH2O BIOS/UEFI (kernel 5.0–5.5). The vulnerability arises from improper protection/validation of the MeSetup UEFI variable, which on some systems can be overwritten via OS APIs. Exploitation could lead to a platform denial of service, according to the available ...
CVE-2023-27471
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. UEFI implementations do not correctly protect and validate information contained in the 'MeSetup' UEFI variable. On some systems, this variable can be overwritten using operating system APIs. Exploitation of this vulnerabili...