Vulnerabilities (CVE)

Filtered by vendor Insyde Subscribe
Filtered by product Insydeh2o
Total 61 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-40238 1 Insyde 1 Insydeh2o 2024-11-21 N/A 5.5 MEDIUM
A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a specific address during the DXE phase of UEFI execution. This occurs because of an integer signedness error involving PixelHeight and PixelWidth during RLE4/RLE8 compression.
CVE-2023-39284 1 Insyde 1 Insydeh2o 2024-11-21 N/A 5.5 MEDIUM
An issue was discovered in IhisiServicesSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There are arbitrary calls to SetVariable with unsanitized arguments in the SMI handler.
CVE-2023-39283 1 Insyde 1 Insydeh2o 2024-11-21 N/A 7.8 HIGH
An SMM memory corruption vulnerability in the SMM driver (SMRAM write) in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to send arbitrary data to SMM which could lead to privilege escalation.
CVE-2023-39281 3 Amd, Insyde, Intel 279 Athlon Gold 7220u, Athlon Silver 7120u, Ryzen3 5300u and 276 more 2024-11-21 N/A 9.8 CRITICAL
A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase.
CVE-2023-34195 1 Insyde 1 Insydeh2o 2024-11-21 N/A 7.8 HIGH
An issue was discovered in SystemFirmwareManagementRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The implementation of the GetImage method retrieves the value of a runtime variable named GetImageProgress, and later uses this value as a function pointer. This variable is wiped out by the same module near the end of the function. By setting this UEFI variable from the OS to point into custom code, an attacker could achieve arbitrary code execution in the DXE phase, before several chipset locks are set.
CVE-2023-31041 1 Insyde 1 Insydeh2o 2024-11-21 N/A 7.5 HIGH
An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. System password information could optionally be stored in cleartext, which might lead to possible information disclosure.
CVE-2023-30633 1 Insyde 1 Insydeh2o 2024-11-21 N/A 5.3 MEDIUM
An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5. It can report false TPM PCR values, and thus mask malware activity. Devices use Platform Configuration Registers (PCRs) to record information about device and software configuration to ensure that the boot process is secure. (For example, Windows uses these PCR measurements to determine device health.) A vulnerable device can masquerade as a healthy device by extending arbitrary values into Platform Configuration Register (PCR) banks. This requires physical access to a target victim's device, or compromise of user credentials for a device. This issue is similar to CVE-2021-42299 (on Surface Pro devices).
CVE-2023-27471 1 Insyde 1 Insydeh2o 2024-11-21 N/A 5.5 MEDIUM
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. UEFI implementations do not correctly protect and validate information contained in the 'MeSetup' UEFI variable. On some systems, this variable can be overwritten using operating system APIs. Exploitation of this vulnerability could potentially lead to denial of service for the platform.
CVE-2023-27373 1 Insyde 1 Insydeh2o 2024-11-21 N/A 5.5 MEDIUM
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Due to insufficient input validation, an attacker can tamper with a runtime-accessible EFI variable to cause a dynamic BAR setting to overlap SMRAM.
CVE-2023-22616 1 Insyde 1 Insydeh2o 2024-11-21 N/A 7.8 HIGH
An issue was discovered in Insyde InsydeH2O with kernel 5.2 through 5.5. The Save State register is not checked before use. The IhisiSmm driver does not check the value of a save state register before use. Due to insufficient input validation, an attacker can corrupt SMRAM.
CVE-2023-22615 1 Insyde 1 Insydeh2o 2024-11-21 N/A 8.4 HIGH
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. IHISI subfunction execution may corrupt SMRAM. An attacker can pass an address in the RCX save state register that overlaps SMRAM, thereby coercing an IHISI subfunction handler to overwrite private SMRAM.
CVE-2023-22614 1 Insyde 1 Insydeh2o 2024-11-21 N/A 8.8 HIGH
An issue was discovered in ChipsetSvcSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There is insufficient input validation in BIOS Guard updates. An attacker can induce memory corruption in SMM by supplying malformed inputs to the BIOS Guard SMI handler.
CVE-2023-22613 1 Insyde 1 Insydeh2o 2024-11-21 N/A 8.8 HIGH
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. It is possible to write to an attacker-controlled address. An attacker could invoke an SMI handler with a malformed pointer in RCX that overlaps SMRAM, resulting in SMM memory corruption.
CVE-2023-22612 1 Insyde 1 Insydeh2o 2024-11-21 N/A 8.8 HIGH
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. A malicious host OS can invoke an Insyde SMI handler with malformed arguments, resulting in memory corruption in SMM.
CVE-2022-36448 1 Insyde 1 Insydeh2o 2024-11-21 N/A 8.2 HIGH
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. There is an SMM memory corruption vulnerability in the Software SMI handler in the PnpSmm driver.
CVE-2022-36338 1 Insyde 1 Insydeh2o 2024-11-21 N/A 8.2 HIGH
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver FwBlockServiceSmm, creating SMM, leads to arbitrary code execution. An attacker can replace the pointer to the UEFI boot service GetVariable with a pointer to malware, and then generate a software SMI.
CVE-2022-35896 1 Insyde 1 Insydeh2o 2024-11-21 N/A 6.0 MEDIUM
An issue SMM memory leak vulnerability in SMM driver (SMRAM was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An attacker can dump SMRAM contents via the software SMI provided by the FvbServicesRuntimeDxe driver to read the contents of SMRAM, leading to information disclosure.
CVE-2022-35895 1 Insyde 1 Insydeh2o 2024-11-21 N/A 8.2 HIGH
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The FwBlockSericceSmm driver does not properly validate input parameters for a software SMI routine, leading to memory corruption of arbitrary addresses including SMRAM, and possible arbitrary code execution.
CVE-2022-35894 1 Insyde 1 Insydeh2o 2024-11-21 N/A 6.0 MEDIUM
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The SMI handler for the FwBlockServiceSmm driver uses an untrusted pointer as the location to copy data to an attacker-specified buffer, leading to information disclosure.
CVE-2022-35893 1 Insyde 1 Insydeh2o 2024-11-21 N/A 8.2 HIGH
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM memory corruption vulnerability in the FvbServicesRuntimeDxe driver allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.