Vulnerabilities (CVE)

Filtered by vendor Insyde Subscribe
Filtered by product Insydeh2o
Total 61 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-45970 1 Insyde 1 Insydeh2o 2024-11-21 7.2 HIGH 8.2 HIGH
An issue was discovered in IdeBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (the status code saved at the CommBuffer+4 location).
CVE-2021-45969 1 Insyde 1 Insydeh2o 2024-11-21 7.2 HIGH 8.2 HIGH
An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (the CommBuffer+8 location).
CVE-2021-43615 1 Insyde 1 Insydeh2o 2024-11-21 7.2 HIGH 8.2 HIGH
An issue was discovered in HddPassword in Insyde InsydeH2O with kernel 5.1 before 05.16.23, 5.2 before 05.26.23, 5.3 before 05.35.23, 5.4 before 05.43.22, and 5.5 before 05.51.22. An SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
CVE-2021-43522 1 Insyde 1 Insydeh2o 2024-11-21 6.9 MEDIUM 7.5 HIGH
An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 2021-11-08, 5.2 through 2021-11-08, and 5.3 through 2021-11-08. A StorageSecurityCommandDxe SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
CVE-2021-43323 1 Insyde 1 Insydeh2o 2024-11-21 7.2 HIGH 8.2 HIGH
An issue was discovered in UsbCoreDxe in Insyde InsydeH2O with kernel 5.5 before 05.51.45, 5.4 before 05.43.45, 5.3 before 05.35.45, 5.2 before 05.26.45, 5.1 before 05.16.45, and 5.0 before 05.08.45. An SMM callout vulnerability allows an attacker to hijack execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.
CVE-2021-42554 2 Insyde, Siemens 31 Insydeh2o, Ruggedcom Ape1808, Ruggedcom Ape1808 Firmware and 28 more 2024-11-21 7.2 HIGH 8.2 HIGH
An issue was discovered in Insyde InsydeH2O with Kernel 5.0 before 05.08.42, Kernel 5.1 before 05.16.42, Kernel 5.2 before 05.26.42, Kernel 5.3 before 05.35.42, Kernel 5.4 before 05.42.51, and Kernel 5.5 before 05.50.51. An SMM memory corruption vulnerability in FvbServicesRuntimeDxe allows a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
CVE-2021-42113 1 Insyde 1 Insydeh2o 2024-11-21 4.6 MEDIUM 8.2 HIGH
An issue was discovered in StorageSecurityCommandDxe in Insyde InsydeH2O with Kernel 5.1 before 05.14.28, Kernel 5.2 before 05.24.28, and Kernel 5.3 before 05.32.25. An SMM callout vulnerability allows an attacker to hijack execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.
CVE-2021-42060 1 Insyde 1 Insydeh2o 2024-11-21 7.2 HIGH 8.2 HIGH
An issue was discovered in Insyde InsydeH2O Kernel 5.0 through 05.08.41, Kernel 5.1 through 05.16.41, Kernel 5.2 before 05.23.22, and Kernel 5.3 before 05.32.22. An Int15ServiceSmm SMM callout vulnerability allows an attacker to hijack execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.
CVE-2021-42059 2 Insyde, Siemens 29 Insydeh2o, Simatic Field Pg M5, Simatic Field Pg M5 Firmware and 26 more 2024-11-21 7.2 HIGH 6.7 MEDIUM
An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.08.41, Kernel 5.1 before 05.16.41, Kernel 5.2 before 05.26.41, Kernel 5.3 before 05.35.41, and Kernel 5.4 before 05.42.20. A stack-based buffer overflow leads toarbitrary code execution in UEFI DisplayTypeDxe DXE driver.
CVE-2021-41842 1 Insyde 1 Insydeh2o 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08.46, 5.1 before 05.16.46, 5.2 before 05.26.46, 5.3 before 05.35.46, 5.4 before 05.43.46, and 5.5 before 05.51.45 in Insyde InsydeH2O. Code execution can occur because the SMI handler lacks a CommBuffer check.
CVE-2021-41841 1 Insyde 1 Insydeh2o 2024-11-21 7.2 HIGH 8.2 HIGH
An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of Inclusion of Functionality from an Untrusted Control Sphere.
CVE-2021-41840 1 Insyde 1 Insydeh2o 2024-11-21 7.2 HIGH 8.2 HIGH
An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of Inclusion of Functionality from an Untrusted Control Sphere.
CVE-2021-41839 1 Insyde 1 Insydeh2o 2024-11-21 4.6 MEDIUM 8.2 HIGH
An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. Because of an Untrusted Pointer Dereference that causes SMM memory corruption, an attacker may be able to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
CVE-2021-41838 2 Insyde, Siemens 29 Insydeh2o, Simatic Field Pg M5, Simatic Field Pg M5 Firmware and 26 more 2024-11-21 7.2 HIGH 8.2 HIGH
An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of a Numeric Range Comparison Without a Minimum Check.
CVE-2021-41837 2 Insyde, Siemens 29 Insydeh2o, Simatic Field Pg M5, Simatic Field Pg M5 Firmware and 26 more 2024-11-21 7.2 HIGH 8.2 HIGH
An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. Because of an Untrusted Pointer Dereference that causes SMM memory corruption, an attacker may be able to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
CVE-2021-33627 2 Insyde, Siemens 29 Insydeh2o, Simatic Field Pg M5, Simatic Field Pg M5 Firmware and 26 more 2024-11-21 7.2 HIGH 8.2 HIGH
An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.09.11, 5.1 before 05.17.11, 5.2 before 05.27.11, 5.3 before 05.36.11, 5.4 before 05.44.11, and 5.5 before 05.52.11 affecting FwBlockServiceSmm. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses.
CVE-2021-33626 2 Insyde, Siemens 33 Insydeh2o, Ruggedcom Apr1808, Ruggedcom Apr1808 Firmware and 30 more 2024-11-21 4.6 MEDIUM 7.8 HIGH
A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution.
CVE-2021-33625 3 Insyde, Netapp, Siemens 34 Insydeh2o, Fas\/aff Bios, Ruggedcom Ape1808 and 31 more 2024-11-21 6.9 MEDIUM 7.5 HIGH
An issue was discovered in Kernel 5.x in Insyde InsydeH2O, affecting HddPassword. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses.
CVE-2020-5956 1 Insyde 1 Insydeh2o 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in SdLegacySmm in Insyde InsydeH2O with kernel 5.1 before 05.15.11, 5.2 before 05.25.11, 5.3 before 05.34.11, and 5.4 before 05.42.11. The software SMI handler allows untrusted external input because it does not verify CommBuffer.
CVE-2020-5953 2 Insyde, Siemens 33 Insydeh2o, Ruggedcom Ape1808, Ruggedcom Ape1808 Firmware and 30 more 2024-11-21 6.9 MEDIUM 7.5 HIGH
A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT (EFI_RUNTIME_SERVICES) pointer to call a GetVariable service, which is located outside of SMRAM. This can result in code execution in SMM (escalating privilege from ring 0 to ring -2).