Vulnerabilities > Insyde > Insydeh2O > 5.4.05.45.22
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-07 | CVE-2023-40238 | Cleartext Storage of Sensitive Information vulnerability in Insyde Insydeh2O A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. | 5.5 |
| 2023-11-02 | CVE-2023-39283 | Out-of-bounds Write vulnerability in Insyde Insydeh2O An SMM memory corruption vulnerability in the SMM driver (SMRAM write) in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to send arbitrary data to SMM which could lead to privilege escalation. | 7.8 |
| 2023-11-02 | CVE-2023-39284 | Unspecified vulnerability in Insyde Insydeh2O An issue was discovered in IhisiServicesSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. | 5.5 |
| 2023-04-12 | CVE-2022-24350 | Classic Buffer Overflow vulnerability in Insyde Insydeh2O An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. | 5.5 |
| 2023-04-12 | CVE-2023-22616 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Insyde Insydeh2O An issue was discovered in Insyde InsydeH2O with kernel 5.2 through 5.5. | 7.8 |
| 2022-11-14 | CVE-2022-34325 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Insydeh2O DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. | 7.8 |
| 2022-09-28 | CVE-2022-36448 | Improper Input Validation vulnerability in Insyde Insydeh2O An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. | 8.2 |
| 2022-09-23 | CVE-2022-35893 | Improper Input Validation vulnerability in Insyde Insydeh2O An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. | 8.2 |
| 2022-09-23 | CVE-2022-36338 | Unspecified vulnerability in Insyde Insydeh2O An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. | 8.2 |
| 2022-09-22 | CVE-2022-35894 | Memory Leak vulnerability in Insyde Insydeh2O An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. | 6.0 |