CVE-2024-39707

Insyde IHISI function 0x49 can restore factory defaults for certain UEFI variables without further authentication by default, which could lead to a possible roll-back attack in certain platforms. This is fixed in: kernel 5.2, version 05.29.19; kernel 5.3, version 05.38.19; kernel 5.4, version...

CVE-2024-39707

Insyde IHISI function 0x49 can restore factory defaults for certain UEFI variables without further authentication by default, which could lead to a possible roll-back attack in certain platforms. This is fixed in: kernel 5.2, version 05.29.19; kernel 5.3, version 05.38.19; kernel 5.4, version...

CVE-2023-28149

The CVE-2023-28149 issue affects the IhisiServiceSmm module in Insyde InsydeH2O. Affected kernel series include 5.2 prior to 05.28.42, 5.3 prior to 05.37.42, 5.4 prior to 05.45.39, 5.5 prior to 05.53.39, and 5.6 prior to 05.60.39. The vulnerability could allow an attacker to modify UEFI variables...

CVE-2023-28149

An issue was discovered in the IhisiServiceSmm module in Insyde InsydeH2O with kernel 5.2 before 05.28.42, 5.3 before 05.37.42, 5.4 before 05.45.39, 5.5 before 05.53.39, and 5.6 before 05.60.39 that could allow an attacker to modify UEFI variables...

CVE-2023-47252

An issue was discovered in PnpSmm in Insyde InsydeH2O with kernel 5.0 through 5.6. There is a possible out-of-bounds access in the SMM communication buffer, leading to tampering. The PNP-related SMI sub-functions do not verify data size before getting it from the communication buffer, which could...

CVE-2023-47252

Summary (CVE-2023-47252): Insyde InsydeH2O’s PnpSmm in the kernel range 5.0–5.6 is affected by an out-of-bounds access in the SMM communication buffer. The PNP-related SMI sub-functions do not verify data size before reading from the buffer, potentially allowing corruption of data immediately fol...

Mageia: Security Advisory (MGASA-2020-0183)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Update : Virtualbox (openSUSE-2020-925)

Virtualbox was updated to 6.0.22 released May 15 2020 by Oracle This is a maintenance release. The following items were fixed and/or added : Guest Additions: Build problems fix with Oracle Linux 8.2 Red Hat compatible kernel / Red Hat Enterprise Linux 8.2 / CentOS 8.2 bug 19391 Guest...

Security update for Virtualbox (moderate)

openSUSE Security Update: Security update for Virtualbox Announcement ID: openSUSE-SU-2020:0925-1 Rating: moderate References: 1169628 Cross-References: CVE-2020-2741 CVE-2020-2742 CVE-2020-2743 CVE-2020-2748 CVE-2020-2758 CVE-2020-2894 CVE-2020-2902 CVE-2020-2905 CVE-2020-2907 CVE-2020-2908...