Vulnerabilities > Insyde > Insydeh2O > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-03 | CVE-2022-24030 | Out-of-bounds Write vulnerability in Insyde Insydeh2O An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 through 5.5. | 6.9 |
| 2022-02-03 | CVE-2020-5953 | A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT (EFI_RUNTIME_SERVICES) pointer to call a GetVariable service, which is located outside of SMRAM. | 6.9 |
| 2022-02-03 | CVE-2021-43522 | Out-of-bounds Write vulnerability in Insyde Insydeh2O An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 2021-11-08, 5.2 through 2021-11-08, and 5.3 through 2021-11-08. | 6.9 |
| 2022-01-05 | CVE-2020-5956 | Improper Input Validation vulnerability in Insyde Insydeh2O An issue was discovered in SdLegacySmm in Insyde InsydeH2O with kernel 5.1 before 05.15.11, 5.2 before 05.25.11, 5.3 before 05.34.11, and 5.4 before 05.42.11. | 5.0 |
| 2021-10-01 | CVE-2021-33626 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). | 4.6 |