Vulnerabilities > Insyde
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-16 | CVE-2022-24351 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Insydeh2O TOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5.2 before version 05.27.29, Kernel 5.3 before version 05.36.29, Kernel 5.4 version before 05.44.13, and Kernel 5.5 before version 05.52.13 allows an attacker to alter data and code used by the remainder of the boot process. | 4.7 |
| 2023-12-07 | CVE-2023-40238 | Cleartext Storage of Sensitive Information vulnerability in Insyde Insydeh2O A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. | 5.5 |
| 2023-11-02 | CVE-2023-39283 | Out-of-bounds Write vulnerability in Insyde Insydeh2O An SMM memory corruption vulnerability in the SMM driver (SMRAM write) in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to send arbitrary data to SMM which could lead to privilege escalation. | 7.8 |
| 2023-11-02 | CVE-2023-39284 | Unspecified vulnerability in Insyde Insydeh2O An issue was discovered in IhisiServicesSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. | 5.5 |
| 2023-11-01 | CVE-2023-39281 | Out-of-bounds Write vulnerability in Insyde Insydeh2O A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase. | 9.8 |
| 2023-10-19 | CVE-2023-30633 | Unspecified vulnerability in Insyde Insydeh2O An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5. low complexity insyde | 5.3 |
| 2023-09-18 | CVE-2023-34195 | Unspecified vulnerability in Insyde Insydeh2O An issue was discovered in SystemFirmwareManagementRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. | 7.8 |
| 2023-09-08 | CVE-2021-33834 | Out-of-bounds Write vulnerability in Insyde H2Offt and Iscflashx64.Sys An issue was discovered in iscflashx64.sys 3.9.3.0 in Insyde H2OFFT 6.20.00. | 7.1 |
| 2023-08-18 | CVE-2023-27471 | Unspecified vulnerability in Insyde Insydeh2O An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. | 5.5 |
| 2023-08-14 | CVE-2023-31041 | Cleartext Storage of Sensitive Information vulnerability in Insyde Insydeh2O An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. | 7.5 |