Vulnerabilities > Insyde > Kernel > 5.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-03 | CVE-2023-28468 | Incorrect Authorization vulnerability in Insyde Kernel An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. | 6.5 |
2022-11-23 | CVE-2022-36337 | Out-of-bounds Write vulnerability in Insyde Kernel An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. | 8.2 |
2022-11-22 | CVE-2022-35407 | Out-of-bounds Write vulnerability in Insyde Kernel An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. | 7.8 |
2022-11-21 | CVE-2022-35897 | Out-of-bounds Write vulnerability in Insyde Kernel An stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. | 6.8 |
2022-11-15 | CVE-2022-29276 | Out-of-bounds Write vulnerability in Insyde Kernel SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. | 8.2 |
2022-11-15 | CVE-2022-29279 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Insyde Kernel Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice. | 8.2 |
2022-11-15 | CVE-2022-29275 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Insyde Kernel In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering Use of untrusted pointers could allow OS or SMRAM memory tampering leading to escalation of privileges. | 8.2 |
2022-11-15 | CVE-2022-30283 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Kernel In UsbCoreDxe, tampering with the contents of the USB working buffer using DMA while certain USB transactions are in process leads to a TOCTOU problem that could be used by an attacker to cause SMRAM corruption and escalation of privileges The UsbCoreDxe module creates a working buffer for USB transactions outside of SMRAM. | 7.5 |
2022-11-15 | CVE-2022-30772 | Out-of-bounds Write vulnerability in Insyde Kernel Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory. | 8.2 |
2022-03-03 | CVE-2021-38578 | Out-of-bounds Write vulnerability in multiple products Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize. | 9.8 |