Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Insyde Subscribe

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-39281 3 Amd, Insyde, Intel 279 Athlon Gold 7220u, Athlon Silver 7120u, Ryzen3 5300u and 276 more 2023-11-09 N/A 9.8 CRITICAL
A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase.
CVE-2021-38578 2 Insyde, Tianocore 2 Kernel, Edk2 2023-08-02 7.5 HIGH 9.8 CRITICAL
Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.
CVE-2020-5955 2 Insyde, Intel 21 Insydeh2o Uefi Bios, Cannon Lake, Coffee Lake and 18 more 2022-07-12 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O before 2021-10-14 on Intel client chipsets. A caller may be able to escalate privileges.
CVE-2022-24030 1 Insyde 1 Insydeh2o 2022-02-28 10.0 HIGH 9.8 CRITICAL
An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 through 5.5. An SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
CVE-2021-41842 1 Insyde 1 Insydeh2o 2022-02-24 7.5 HIGH 9.8 CRITICAL
An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08.46, 5.1 before 05.16.46, 5.2 before 05.26.46, 5.3 before 05.35.46, 5.4 before 05.43.46, and 5.5 before 05.51.45 in Insyde InsydeH2O. Code execution can occur because the SMI handler lacks a CommBuffer check.
CVE-2021-42554 1 Insyde 1 Insydeh2o 2022-02-24 10.0 HIGH 9.8 CRITICAL
An issue was discovered in Insyde InsydeH2O with Kernel 5.0 before 05.08.42, Kernel 5.1 before 05.16.42, Kernel 5.2 before 05.26.42, Kernel 5.3 before 05.35.42, Kernel 5.4 before 05.42.51, and Kernel 5.5 before 05.50.51. An SMM memory corruption vulnerability in FvbServicesRuntimeDxe allows a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.