threat
engine
.sh
Back
·
··:··
Home
/
Product
/
insyde insydeh2o
Product
insyde insydeh2o
66 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2024-55567
>= 5.4 and < 5.4.05.47.01
Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.01, 5.6 be
7.5
HIGH
CVE-2024-52879
>= 5.2 and < 5.2.05.29.50
An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 bef
7.5
HIGH
CVE-2024-52878
>= 5.2 and < 5.2.05.29.50
An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 bef
7.5
HIGH
CVE-2024-52877
>= 5.2 and < 5.2.05.29.50
An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 bef
7.5
HIGH
CVE-2024-25079
>= 5.2 and < 5.29.09
A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kerne
7.4
HIGH
CVE-2022-24351
>= 5.2 and < 5.2.05.27.29
TOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5.2 before version 05.27.29, Kernel 5.3 before version 05.36.2
4.7
MEDIUM
CVE-2023-40238
>= 5.2 and < 5.2.05.28.47
A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 bef
5.5
MEDIUM
CVE-2023-39283
>= 5.0 and <= 5.5
An SMM memory corruption vulnerability in the SMM driver (SMRAM write) in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 thro
7.8
HIGH
CVE-2023-39284
>= 5.2 and < 5.2.05.28.33
An issue was discovered in IhisiServicesSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There are arbitrary calls to SetVaria
5.5
MEDIUM
CVE-2023-39281
all versions
A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attack
9.8
CRITICAL
CVE-2023-30633
>= 5.3 and < 5.3.05.37.17
An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5. It can report false TPM PCR values, a
5.3
MEDIUM
CVE-2023-34195
>= 5.2 and < 5.2.05.28.22
An issue was discovered in SystemFirmwareManagementRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The implementation
7.8
HIGH
CVE-2023-27471
all versions
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. UEFI implementations do not correctly protect and validat
5.5
MEDIUM
CVE-2023-31041
all versions
An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. System password information could optio
7.5
HIGH
CVE-2023-27373
all versions
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Due to insufficient input validation, an attacker can tam
5.5
MEDIUM
CVE-2023-22616
>= 5.2 and <= 5.5
An issue was discovered in Insyde InsydeH2O with kernel 5.2 through 5.5. The Save State register is not checked before use. The Ih
7.8
HIGH
CVE-2022-24350
>= 5.0 and <= 5.5
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. IHISI function 0x17 verifies that the output
5.5
MEDIUM
CVE-2023-22613
all versions
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. It is possible to write to an attacker-contro
8.8
HIGH
CVE-2023-22615
all versions
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. IHISI subfunction execution may corrupt SMRAM
8.4
HIGH
CVE-2023-22614
all versions
An issue was discovered in ChipsetSvcSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There is insufficient input validation i
8.8
HIGH
CVE-2023-22612
all versions
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. A malicious host OS can invoke an Insyde SMI
8.8
HIGH
CVE-2022-32477
>= 5.0 and < 5.2.05.27.27
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the FvbServicesRuntimeDxe shared buffer us
7.0
HIGH
CVE-2022-32475
>= 5.0 and < 5.2.05.27.27
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the VariableRuntimeDxe shared buffer used
7.0
HIGH
CVE-2022-32469
>= 5.0 and < 5.2.05.27.27
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the PnpSmm shared buffer used by SMM and n
7.0
HIGH
CVE-2022-32953
>= 5.0 and < 5.2.05.27.27
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the SdHostDriver buffer used by SMM and no
7.0
HIGH
CVE-2022-32476
>= 5.0 and < 5.2.05.27.27
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the AhciBusDxe shared buffer used by SMM a
7.0
HIGH
CVE-2022-32473
>= 5.0 and < 5.2.05.27.27
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the HddPassword shared buffer used by SMM
7.0
HIGH
CVE-2022-32470
>= 5.0 and < 5.2.05.27.27
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the FwBlockServiceSmm shared buffer used b
7.0
HIGH
CVE-2022-32955
>= 5.0 and < 5.2.05.27.27
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the NvmExpressDxe buffer used by SMM and n
7.0
HIGH
CVE-2022-32954
>= 5.1 and < 5.2.05.27.27
An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 5.5. DMA attacks on the SdMmcDevice buffer used by SMM and non
7.0
HIGH
CVE-2022-32478
>= 5.0 and < 5.0.05.09.42
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the IdeBusDxe shared buffer used by SMM an
7.0
HIGH
CVE-2022-32474
>= 5.0 and < 5.0.05.09.42
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the StorageSecurityCommandDxe shared buffe
7.0
HIGH
CVE-2022-32471
>= 5.0 and < 5.2.05.27.37
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. The IhisiDxe driver uses the command buffer t
7.0
HIGH
CVE-2022-34325
>= 5.3 and < 05.36.23
DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM
7.8
HIGH
CVE-2022-36448
>= 5.4 and < 05.44.30
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. There is an SMM memory corruption vulnerability in the So
8.2
HIGH
CVE-2022-35893
>= 5.0 and < 05.09.37
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM memory corruption vulnerability in the FvbServices
8.2
HIGH
CVE-2022-36338
>= 5.0 and <= 5.5
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver FwBlockSer
8.2
HIGH
CVE-2022-35894
>= 5.0 and < 05.09.37
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The SMI handler for the FwBlockServiceSmm driver uses an
6.0
MEDIUM
CVE-2022-35408
>= 5.1 and < 5.17.38
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver in UsbLega
8.2
HIGH
CVE-2022-35896
>= 5.0 and <= 5.5
An issue SMM memory leak vulnerability in SMM driver (SMRAM was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An att
6.0
MEDIUM
CVE-2022-35895
>= 5.0 and < 05.09.37
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The FwBlockSericceSmm driver does not properly validate i
8.2
HIGH
CVE-2022-24031
>= 5.1 and < 5.16.42
An issue was discovered in NvmExpressDxe in Insyde InsydeH2O with kernel 5.1 through 5.5. An SMM memory corruption vulnerability a
8.2
HIGH
CVE-2022-24030
>= 5.0 and < 5.08.41
An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 through 5.5. An SMM memory corruption vulnerability allo
7.5
HIGH
CVE-2021-43615
>= 5.1 and < 5.16.23
An issue was discovered in HddPassword in Insyde InsydeH2O with kernel 5.1 before 05.16.23, 5.2 before 05.26.23, 5.3 before 05.35.
8.2
HIGH
CVE-2021-43323
>= 5.1 and < 5.16.45
An issue was discovered in UsbCoreDxe in Insyde InsydeH2O with kernel 5.5 before 05.51.45, 5.4 before 05.43.45, 5.3 before 05.35.4
8.2
HIGH
CVE-2021-42554
>= 5.0 and < 5.08.42
An issue was discovered in Insyde InsydeH2O with Kernel 5.0 before 05.08.42, Kernel 5.1 before 05.16.42, Kernel 5.2 before 05.26.4
8.2
HIGH
CVE-2021-42113
>= 5.1 and < 5.14.34
An issue was discovered in StorageSecurityCommandDxe in Insyde InsydeH2O with Kernel 5.1 before 05.14.28, Kernel 5.2 before 05.24.
8.2
HIGH
CVE-2021-42060
>= 5.2 and < 5.23.35
An issue was discovered in Insyde InsydeH2O Kernel 5.0 through 05.08.41, Kernel 5.1 through 05.16.41, Kernel 5.2 before 05.23.22,
8.2
HIGH
CVE-2021-42059
>= 5.0 and < 5.08.41
An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.08.41, Kernel 5.1 before 05.16.41, Kernel 5.2 before 05.26.41, Ke
6.7
MEDIUM
CVE-2021-41841
>= 5.0 and < 5.08.29
An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an at
8.2
HIGH
CVE-2021-41840
>= 5.2 and < 5.23.35
An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an
8.2
HIGH
CVE-2021-41839
>= 5.1 and < 5.16.25
An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. Because of an Untrusted Pointer Derefe
8.2
HIGH
CVE-2021-41838
>= 5.1 and < 5.16.42
An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an
8.2
HIGH
CVE-2021-41837
>= 5.0 and < 5.08.41
An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. Because of an Untrusted Pointer Dereferen
8.2
HIGH
CVE-2021-33627
>= 5.0 and < 5.08.29
An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.09.11, 5.1 before 05.17.11, 5.2 before 05.27.11, 5.3 before 05.36
8.2
HIGH
CVE-2021-33625
>= 5.1 and < 5.16.23
An issue was discovered in Kernel 5.x in Insyde InsydeH2O, affecting HddPassword. Software SMI services that use the Communicate()
7.5
HIGH
CVE-2020-5953
all versions
A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI Firmware code located in SWSMI handler tha
7.5
HIGH
CVE-2022-24069
>= 5.1 and < 5.16.29
An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.0 before 05.08.41, 5.1 before 05.16.29, 5.2 before 05.26.2
8.2
HIGH
CVE-2021-43522
>= 5.1 and < 5.14.34
An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 2021-11-08, 5.2 through 2021-11-08, and 5.3 through 2021-11-08
7.5
HIGH
CVE-2021-45971
>= 5.1 and < 5.16.25
An issue was discovered in SdHostDriver in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35
8.2
HIGH
CVE-2021-41842
>= 5.0 and < 05.08.46
An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08.46, 5.1 before 05.16.46, 5.2 before 05.26.46, 5.3 before 05
9.8
CRITICAL
CVE-2021-45970
>= 5.1 and < 5.16.25
An issue was discovered in IdeBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25
8.2
HIGH
CVE-2021-45969
>= 5.1 and < 5.16.25
An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.2
8.2
HIGH
CVE-2020-5956
>= 5.2 and < 5.25.11
An issue was discovered in SdLegacySmm in Insyde InsydeH2O with kernel 5.1 before 05.15.11, 5.2 before 05.25.11, 5.3 before 05.34.
7.5
HIGH
CVE-2021-33626
>= 5.3 and < 5.34.44
A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or v
7.8
HIGH
CVE-2020-27339
>= 5.3 and < 5.34.44
In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters
6.7
MEDIUM
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin