Vulnerabilities > Insyde > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-16 | CVE-2022-24351 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Insydeh2O TOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5.2 before version 05.27.29, Kernel 5.3 before version 05.36.29, Kernel 5.4 version before 05.44.13, and Kernel 5.5 before version 05.52.13 allows an attacker to alter data and code used by the remainder of the boot process. | 4.7 |
| 2023-12-07 | CVE-2023-40238 | Cleartext Storage of Sensitive Information vulnerability in Insyde Insydeh2O A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. | 5.5 |
| 2023-11-02 | CVE-2023-39284 | Unspecified vulnerability in Insyde Insydeh2O An issue was discovered in IhisiServicesSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. | 5.5 |
| 2023-10-19 | CVE-2023-30633 | Unspecified vulnerability in Insyde Insydeh2O An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5. low complexity insyde | 5.3 |
| 2023-08-18 | CVE-2023-27471 | Unspecified vulnerability in Insyde Insydeh2O An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. | 5.5 |
| 2023-08-07 | CVE-2023-27373 | Improper Input Validation vulnerability in Insyde Insydeh2O An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. | 5.5 |
| 2023-08-03 | CVE-2023-28468 | Incorrect Authorization vulnerability in Insyde Kernel An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. | 6.5 |
| 2023-04-12 | CVE-2022-24350 | Classic Buffer Overflow vulnerability in Insyde Insydeh2O An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. | 5.5 |
| 2022-11-21 | CVE-2022-35897 | Out-of-bounds Write vulnerability in Insyde Kernel An stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. | 6.8 |
| 2022-11-15 | CVE-2022-30774 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Kernel DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack) DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack) . | 6.4 |