Since our inception 20 years ago, security has been essential. Hundreds of OEMs and ODM partners have trusted us with enabling the platforms that form the foundation of their products, knowing we share their commitment to make them secure. Product security is a top priority with our company and an area of focus that we continue to improve upon every day.

  • We sit on the security review team of the industry’s leading firmware standards body; the UEFI Security Response Team.
  • We have internal product security experts that drive our Security Development Lifecycle (SDL) process within our BIOS and BMC firmware teams and evaluate existing and emerging threats.
  • We issue regular and timely security alert bulletins when mitigations to vulnerabilities are discovered.
  • We work closely with all of our silicon vendor partners to ensure the timely and critical delivery of microcode updates and other patches.

At Insyde, we work with the broader industry to identify, report, mitigate and disclose security vulnerabilities. We support you, our customers and partners, in closing the door to anything which compromises the security or privacy in your platforms. We take this role seriously, because if your firmware is not secure, your product is not secure.

This is our pledge to you. If you have any questions about Insyde Software’s commitment to security, I urge you to reach out to us at security.report@insyde.com

Tim Lewis, Chief Technology Officer


Insyde Software Security Advisories for InsydeH2O UEFI Firmware:

Common Vulnerabilities and Exposures (CVE) CVSS v3 Vulnerability Severity Description Insyde Security Advisory (SA) Date (MM/DD/YYYY) Last Revised
CVE-2023-28149 6.1 IhisiServiceSmm: A vulnerability in the module that could allow an attacker to modify UEFI variables. INSYDE-SA-2023040 03/12/2024 03/12/2024
Common Vulnerabilities and Exposures (CVE) CVSS v3 Vulnerability Severity Description Insyde Security Advisory (SA) Date (MM/DD/YYYY) Last Revised
Multiple 5.3~8.3 VU#132380
Vulnerabilities in EDK2 NetworkPkg IP stack implementation.
INSYDE-SA-2023066 01/16/2024 01/16/2024
Common Vulnerabilities and Exposures (CVE) CVSS v3 Vulnerability Severity Description Insyde Security Advisory (SA) Date (MM/DD/YYYY) Last Revised
Multiple 7 VU#275256
Vulnerabilities in EDK2 Reference implementation of the UEFI Specification.
INSYDE-SA-2023031 01/09/2024 01/09/2024
Common Vulnerabilities and Exposures (CVE) CVSS v3 Vulnerability Severity Description Insyde Security Advisory (SA) Date (MM/DD/YYYY) Last Revised
N/A N/A Code change to accommodate OpenSSL 1.1.1w INSYDE-SA-2023062 12/12/2023 12/12/2023
Common Vulnerabilities and Exposures (CVE) CVSS v3 Vulnerability Severity Description Insyde Security Advisory (SA) Date (MM/DD/YYYY) Last Revised
CVE-2023-40238 5.5~6.1 Improper input validation may be exploited via local access. INSYDE-SA-2023053 12/06/2023 12/25/2023
Common Vulnerabilities and Exposures (CVE) CVSS v3 Vulnerability Severity Description Insyde Security Advisory (SA) Date (MM/DD/YYYY) Last Revised
N/A Low Code change to accommondate OpenSSL 1.1.1v INSYDE-SA-2023059 11/14/2023 11/14/2023
Common Vulnerabilities and Exposures (CVE) CVSS v3 Vulnerability Severity Description Insyde Security Advisory (SA) Date (MM/DD/YYYY) Last Revised
CVE-2023-39284 6.1 IhisiServicesSmm: Arbitrary calls to SetVariable with unsanitized arguments in SMI handler. INSYDE-SA-2023056 10/31/2023 10/31/2023
CVE-2023-39283 5.3 CsmInt10HookSmm: SMM memory corruption vulnerability in SMM driver (SMRAM write). INSYDE-SA-2023055 10/31/2023 10/31/2023
CVE-2023-39281 4.1 AsfSecureBootDxe: Stack buffer overflow vulnerability leading to arbitrary code execution during DXE phase. INSYDE-SA-2023054 10/31/2023 10/31/2023
Common Vulnerabilities and Exposures (CVE) CVSS v3 Vulnerability Severity Description Insyde Security Advisory (SA) Date (MM/DD/YYYY) Last Revised
CVE-2023-30633 6.1 TrEEConfigDriver: Vulnerable devices can report false TPM PCR values masking malware activity. INSYDE-SA-2023045 10/10/2023 10/10/2023
Common Vulnerabilities and Exposures (CVE) CVSS v3 Vulnerability Severity Description Insyde Security Advisory (SA) Date (MM/DD/YYYY) Last Revised
CVE-2023-34195 5.3 SystemFirmwareManagementRuntimeDxe: potential arbitrary code execution in the DXE phase. INSYDE-SA-2023052 09/12/2023 09/12/2023
H2O-0324-2302 Low-Medium Code change to accommodate OpenSSL 1.1.1u INSYDE-SA-2023042 09/12/2023 09/12/2023
Common Vulnerabilities and Exposures (CVE) CVSS v3 Vulnerability Severity Description Insyde Security Advisory (SA) Date (MM/DD/YYYY) Last Revised
CVE-2023-2004 7.5 Upgrade FreeType Build Tool to version 2.13.0 INSYDE-SA-2023048 08/08/2023 08/08/2023
CVE-2023-24932 5.1 SysPasswordDxe: Cleartext storage of system password could lead to possible information disclosure. INSYDE-SA-2023047 08/08/2023 08/08/2023
CVE-2022-24351 5.9 FDM TOCTOU access after measurement allows redirected code execution. INSYDE-SA-2023038 08/08/2023 08/08/2023
CVE-2023-27471 4.1 MeSetup UEFI variable may be overwritten and causes DOS attacks. INSYDE-SA-2023036 08/08/2023 08/08/2023
Common Vulnerabilities and Exposures (CVE) CVSS v3 Vulnerability Severity Description Insyde Security Advisory (SA) Date (MM/DD/YYYY) Last Revised
CVE-2023-24932 6.7 Secure Boot Security Feature Bypass Vulnerability INSYDE-SA-2023050 07/11/2023 07/11/2023
H2O-0412-2301 N/A Secure Boot dbx update. INSYDE-SA-2023044 07/11/2023 07/11/2023
CVE-2023-28468 6.1 FvbServicesRuntimeDxe: Exposes an SMI handler that allows an attacker to interact with the SPI flash. INSYDE-SA-2023039 07/11/2023 07/11/2023
Common Vulnerabilities and Exposures (CVE) CVSS v3 Vulnerability Severity Description Insyde Security Advisory (SA) Date (MM/DD/YYYY) Last Revised
CVE-2023-26090 6.1 Insyde Setup EFI Variable Lock Bypass Vulnerability INSYDE-SA-2023034 06/13/2023 06/13/2023
CVE-2021-38576 7.5 [EDK2] Empty TPM Platform Auth INSYDE-SA-2023026 06/13/2023 06/13/2023
CVE-2022-46897 5.3 The CapsuleIFWUSmm driver does not check the return value which may cause memory leak. INSYDE-SA-2023018 06/13/2023 06/13/2023
Common Vulnerabilities and Exposures (CVE) CVSS v3 Vulnerability Severity Description Insyde Security Advisory (SA) Date (MM/DD/YYYY) Last Revised
Multiple 5.9-7.4 Code change to accommodate OpenSSL 1.1.1t INSYDE-SA-2023029 05/09/2023 09/14/2023
CVE-2019-17178 3.9 Vulnerabilities in BIOS PNG Decoder libs INSYDE-SA-2023016 05/09/2023 05/09/2023
Common Vulnerabilities and Exposures (CVE) CVSS v3 Vulnerability Severity Description Insyde Security Advisory (SA) Date (MM/DD/YYYY) Last Revised
CVE-2023-27373 6.4 Insufficient TSEG Overlap Checks. INSYDE-SA-2023035 05/05/2023 05/05/2023
CVE-2023-25600 3.0 OOB Read If “Console Redirection” EFI Variable Is Tampered. INSYDE-SA-2023028 05/05/2023 05/05/2023
Common Vulnerabilities and Exposures (CVE) CVSS v3 Vulnerability Severity Description Insyde Security Advisory (SA) Date (MM/DD/YYYY) Last Revised
CVE-2022-24350 5.3 IhisiSmm: Possible out of bounds in IHISI command buffer, leading to tampering. INSYDE-SA-2023027 04/10/2023 04/10/2023
CVE-2021-38575 8.1 [EDK2] NetworkPkg/IScsiDxe: remotely exploitable buffer overflows. INSYDE-SA-2023025 04/10/2023 04/10/2023
CVE-2021-38578 8.2 [EDK2] MdeModulePkg/PiSmmCore: SmmEntryPoint underflow. INSYDE-SA-2023024 04/10/2023 04/10/2023
CVE-2023-22613 7.3 IhisiServicesSmm: Write To Attacker Controlled Address. INSYDE-SA-2023023 04/10/2023 04/10/2023
CVE-2023-22616 6.4 IhisiServicesSmm: Save State Register Not Checked Before Use. INSYDE-SA-2023022 04/10/2023 04/10/2023
CVE-2023-22615 6.4 IhisiServicesSmm: IHISI Subfunction Execution May Corrupt SMRAM. INSYDE-SA-2023021 04/10/2023 04/10/2023
CVE-2023-22614 7.9 ChipsetSvcSmm: Insufficient Input Validation In BIOS Guard Updates. INSYDE-SA-2023020 04/10/2023 04/10/2023
CVE-2023-22612 8.1 IhisiServicesSmm: Memory Corruption in FTBS SMI Handler INSYDE-SA-2023019 04/10/2023 04/10/2023
Common Vulnerabilities and Exposures (CVE) CVSS v3 Vulnerability Severity Description Insyde Security Advisory (SA) Date (MM/DD/YYYY) Last Revised
CVE-2022-46758 6.4 H2OSmmDebugPrintErrorLevelLib: Variable size is not initialized before calling GetVariable INSYDE-SA-2023017 03/07/2023 03/07/2023
Common Vulnerabilities and Exposures (CVE) CVSS v3 Vulnerability Severity Description Insyde Security Advisory (SA) Date (MM/DD/YYYY) Last Revised
CVE-2022-32955 7.8 DMA attacks on the NvmExpressDxe shared buffer used by SMM and non-SMM code could cause TOCTOU issues which could lead to corruption of SMRAM and escalation of privileges. INSYDE-SA-2023015 02/14/2023 02/14/2023
CVE-2022-32954 7.8 DMA attacks on the SdMmcDevice shared buffer used by SMM and non-SMM code could cause TOCTOU issues which could lead to corruption of SMRAM and escalation of privileges. INSYDE-SA-2023014 02/14/2023 02/14/2023
CVE-2022-32953 7.8 DMA attacks on the SdHostDriver shared buffer used by SMM and non-SMM code could cause TOCTOU issues which could lead to corruption of SMRAM and escalation of privileges. INSYDE-SA-2023013 02/14/2023 02/14/2023
CVE-2022-32478 7.5 DMA attacks on the IdeBusDxe shared buffer used by SMM and non-SMM code could cause TOCTOU issues which could lead to corruption of SMRAM and escalation of privileges. INSYDE-SA-2023010 02/14/2023 02/14/2023
CVE-2022-32477 8.2 DMA attacks on the FvbServicesRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU issues which could lead to corruption of SMRAM and escalation of privileges. INSYDE-SA-2023009 02/14/2023 02/14/2023
CVE-2022-32476 7.5 DMA attacks on the AhciBusDxe shared buffer used by SMM and non-SMM code could cause TOCTOU issues which could lead to corruption of SMRAM and escalation of privileges. INSYDE-SA-2023008 02/14/2023 02/14/2023
CVE-2022-32475 8.2 DMA attacks on the VariableRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU issues which could lead to corruption of SMRAM and escalation of privileges. INSYDE-SA-2023007 02/14/2023 02/14/2023
CVE-2022-32474 8.2 DMA attacks on the StorageSecurityCommandDxe shared buffer used by SMM and non-SMM code could cause TOCTOU issues which could lead to corruption of SMRAM and escalation of privileges. INSYDE-SA-2023006 02/14/2023 02/14/2023
CVE-2022-32473 8.2 DMA attacks on the HddPassword shared buffer used by SMM and non-SMM code could cause TOCTOU issues which could lead to corruption of SMRAM and escalation of privileges. INSYDE-SA-2023005 02/14/2023 02/14/2023
CVE-2022-32471 8.2 DMA attacks on the IHISI command buffer could cause TOCTOU issues which could lead to corruption of SMRAM and escalation of privileges. INSYDE-SA-2023003 02/14/2023 02/14/2023
CVE-2022-32470 8.2 DMA attacks on the FwBlockServiceSmm shared buffer used by SMM and non-SMM code could cause TOCTOU issues which could lead to corruption of SMRAM and escalation of privileges. INSYDE-SA-2023002 02/14/2023 02/14/2023
CVE-2022-32469 8.2 DMA attacks on the PnpSmm shared buffer used by SMM and non-SMM code could cause TOCTOU issues which could lead to corruption of SMRAM and escalation of privileges. INSYDE-SA-2023001 02/14/2023 02/14/2023
Common Vulnerabilities and Exposures (CVE) CVSS v3 Vulnerability Severity Description Insyde Security Advisory (SA) Original Date Last Revised
CVE-2022-30772 7.2 Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory. INSYDE-SA-2022065 11/14/2022 11/14/2022
CVE-2022-30771 8.2 Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions. INSYDE-SA-2022064 11/14/2022 11/14/2022
CVE-2022-30283 7.5 In UsbCoreDxe, tampering with the contents of the USB working buffer using DMA while certain USB transactions are in process leads to a TOCTOU problem that could be used by an attacker to cause SMRAM corruption and escalation of privileges. INSYDE-SA-2022063 11/14/2022 11/14/2022
CVE-2022-29279 7.5 Use of an untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice. INSYDE-SA-2022062 11/14/2022 11/14/2022
CVE-2022-29278 7.5 Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory. INSYDE-SA-2022061 11/14/2022 11/14/2022
CVE-2022-29277 7.5 Incorrect pointer checks within the FwBlockServiceSmm driver can allow arbitrary RAM modifications. INSYDE-SA-2022060 11/14/2022 12/07/2022
CVE-2022-29276 8.2 SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. INSYDE-SA-2022059 11/14/2022 11/14/2022
CVE-2022-29275 7.8 In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering INSYDE-SA-2022058 11/14/2022 11/14/2022
Common Vulnerabilities and Exposures (CVE) CVSS v3 Vulnerability Severity Description Insyde Security Advisory (SA) Original Date Last Revised
CVE-2022-34325 7.8 DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. INSYDE-SA-2022057 11/08/2022 11/08/2022
CVE-2022-33986 7.4 DMA attacks on the parameter buffer used by the VariableRuntimeDxe software SMI handler could lead to a TOCTOU attack. INSYDE-SA-2022056 11/08/2022 11/08/2022
CVE-2022-33985 7.5 DMA transactions which are targeted at input buffers used for the NvmExpressDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. INSYDE-SA-2022055 11/08/2022 11/08/2022
CVE-2022-33984 7.8 Stack buffer overflow vulnerability leads to arbitrary code execution INSYDE-SA-2022054 11/08/2022 11/08/2022
CVE-2022-33983 7.8 DMA transactions which are targeted at input buffers used for the NvmExpressLegacy software SMI handler could cause SMRAM corruption through a TOCTOU attack. INSYDE-SA-2022053 11/08/2022 11/08/2022
CVE-2022-33982 7.4 DMA attacks on the parameter buffer used by the Int15ServiceSmm software SMI handler could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. INSYDE-SA-2022052 11/08/2022 11/08/2022
CVE-2022-33909 7.8 DMA transactions which are targeted at input buffers used for the HddPassword software SMI handler could cause SMRAM corruption through a TOCTOU attack. INSYDE-SA-2022051 11/08/2022 11/08/2022
CVE-2022-33908 7.8 DMA transactions which are targeted at input buffers used for the SdHostDriver software SMI handler could cause SMRAM corruption through a TOCTOU attack. INSYDE-SA-2022050 11/08/2022 11/08/2022
CVE-2022-33907 8.2 DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack. INSYDE-SA-2022049 11/08/2022 11/08/2022
CVE-2022-33906 8.2 DMA transactions which are targeted at input buffers used for the FwBlockServiceSmm software SMI handler could cause SMRAM corruption through a TOCTOU attack. INSYDE-SA-2022048 11/08/2022 11/08/2022
CVE-2022-33905 7.8 DMA transactions which are targeted at input buffers used for the AhciBusDxe software SMI handler could cause SMRAM corruption (a TOCTOU attack). INSYDE-SA-2022047 11/08/2022 11/08/2022
CVE-2022-32267 4.4 DMA transactions which are targeted at input buffers used for the SmmResourceCheckDxe software SMI handler cause SMRAM corruption (a TOCTOU attack). INSYDE-SA-2022046 11/08/2022 11/08/2022
CVE-2022-32266 3.9 DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to corruption of other ACPI fields and adjacent memory fields (a TOCTOU attack). INSYDE-SA-2022045 11/08/2022 11/08/2022
CVE-2022-31243 7.5 DMA transactions which are targeted at input buffers used for the software SMI handler used by the FvbServicesRuntimeDxe driver could cause SMRAM corruption (a TOCTOU attack). INSYDE-SA-2022044 11/08/2022 11/08/2022
CVE-2022-30774 7.5 DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents of parameter values (a TOCTOU attack). INSYDE-SA-2022043 11/08/2022 11/08/2022
CVE-2022-30773 8.2 DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values (a TOCTOU attack). INSYDE-SA-2022042 11/08/2022 11/08/2022
Common Vulnerabilities and Exposures (CVE) CVSS v3 Vulnerability Severity Description Insyde Security Advisory (SA) Original Date Last Revised
CVE-2022-35897 7.6 Stack buffer overflow vulnerability leads to arbitrary code execution INSYDE-SA-2022041 11/04/2022 11/04/2022
CVE-2022-35407 7.7 Stack buffer overflow vulnerability leads to arbitrary code execution INSYDE-SA-2022040 11/04/2022 11/04/2022
CVE-2022-36337 7.7 Stack buffer overflow vulnerability leads to arbitrary code execution INSYDE-SA-2022039 11/04/2022 11/04/2022
Common Vulnerabilities and Exposures (CVE) CVSS v3 Vulnerability Severity Description Insyde Security Advisory (SA) Original Date Last Revised
CVE-2022-27405 3.6 Some versions of InsydeH2O use the FreeType tools to embed fonts into the BIOS. InsydeH2O does not use the FreeType API at runtime and usage during build time does not produce a vulnerability in the BIOS. INSYDE-SA-2022038 09/30/2022 09/30/2022
VU#309662
CVE-2022-34302
CVE-2022-34301
CVE-2022-34303
8.2 Signed third party UEFI bootloaders are vulnerable to Secure Boot bypass INSYDE-SA-2022037 09/30/2022 09/30/2022
CVE-2017-5715 5.6 Side-channel analysis may allow unauthorized disclosure of information INSYDE-SA-2022036 09/30/2022 09/30/2022
Common Vulnerabilities and Exposures (CVE) CVSS v3 Vulnerability Severity Description Insyde Security Advisory (SA) Original Date Last Revised
CVE-2022-35893 8.2 SMM memory corruption vulnerability in SMM driver (SMRAM write) in InsydeH2O. INSYDE-SA-2022035 09/21/2022 09/21/2022
CVE-2022-35896 6.0 SMM memory leak vulnerability in SMM driver (SMRAM read) in InsydeH2O. INSYDE-SA-2022034 09/21/2022 09/21/2022
CVE-2022-35895 8.2 SMM memory corruption vulnerability in SMM driver (SMRAM write) in InsydeH2O. INSYDE-SA-2022033 09/21/2022 09/21/2022
CVE-2022-36448 8.2 SMM memory corruption vulnerability in Software SMI handler in InsydeH2O INSYDE-SA-2022032 09/21/2022 09/21/2022
CVE-2022-35408 7.5 SMM callout vulnerability in SMM driver (SMM arbitrary code execution) in InsydeH2O. INSYDE-SA-2022031 09/21/2022 09/21/2022
CVE-2022-35894 6.0 SMM memory leak vulnerability in SMM driver (SMRAM read) in InsydeH2O. INSYDE-SA-2022030 09/21/2022 09/21/2022
CVE-2022-36338 7.5 SMM callout vulnerability in SMM driver (SMM arbitrary code execution) in InsydeH2O. INSYDE-SA-2022029 09/21/2022 09/21/2022
Common Vulnerabilities and Exposures (CVE) CVSS v3 Vulnerability Severity Description Insyde Security Advisory (SA) Original Date Last Revised
Refer to INSYDE-SA 3.6 Some versions of InsydeH2O use the FreeType tools to embed fonts into the BIOS. InsydeH2O does not use the FreeType API at runtime and usage during build time does not produce a vulnerability in the BIOS. INSYDE-SA-2022028 07/05/2022 07/05/2022
Common Vulnerabilities and Exposures (CVE) CVSS v3 Vulnerability Severity Description Insyde Security Advisory (SA) Original Date Last Revised
CVE-2021-43613 6.5 User and administrator password hashes are exposed in runtime UEFI variables, leading to escalation of privilege. INSYDE-SA-2022027 02/21/2022 -
CVE-2021-43614 6.7 Error in handling the PlatformLangCodes UEFI variable could cause a buffer overflow, leading to resource exhaustion and failure. INSYDE-SA-2022026 02/21/2022 -
CVE-2021-38489 7.8 HDD password stored in plaintext. INSYDE-SA-2022025 02/21/2022 -

Insyde Software worked closely with Binarly, CERT and others to coordinate the analysis, disclosure and updates to the affected parties for the security disclosures published today. For additional information please refer to our news announcement.

Common Vulnerabilities and Exposures (CVE) CVSS v3 Vulnerability Severity Description Insyde Security Advisory (SA) Original Date Last Revised
CVE-2021-41837 8.2 An unsafe pointer vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler. An attacker can use this unsafe pointer "current_ptr" to read or write or manipulate data into SMRAM. Exploitation of this vulnerability can lead to escalation of privileges reserved only for SMM using the SwSMI handler. INSYDE-SA-2022024 02/01/2022 02/01/2022
CVE-2021-41838 8.2 An unsafe pointer vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler. An attacker can use this unsafe pointer "ptr" to read or write or manipulate data in the SMRAM. Exploitation of this vulnerability can lead to escalation of privileges reserved only for SMM using the SwSMI handler. INSYDE-SA-2022023 02/01/2022 02/01/2022
CVE-2021-33627 8.2 A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution. INSYDE-SA-2022022 02/01/2022 02/01/2022
CVE-2021-33626 8.2 A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution. INSYDE-SA-2022021 02/01/2022 02/01/2022
CVE-2021-41839 8.2 A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated table variable EFI_BOOT_SERVICES. This can be used by an attacker to overwrite address location of any of the functions (FreePool,LocateHandleBuffer,HandleProtocol) to the address location of arbitrary code controlled by the attacker. On system call to SWSMI handler, the arbitrary code can be triggered to execute. INSYDE-SA-2022020 02/01/2022 02/01/2022
CVE-2021-41841 8.2 A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated table variables EFI_BOOT_SERVICES and EFI_RUNTIME_SERVICES. This can be used by an attacker to overwrite address location of the function (LocateHandleBuffer) to the address location of arbitrary code controlled by the attacker. On system call to SWSMI handler, the arbitrary code can be triggered to execute. INSYDE-SA-2022019 02/01/2022 02/01/2022
CVE-2021-41840 7.5 A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated table variable EFI_BOOT_SERVICES. This allows an attacker who is capable of executing code in DXE phase to exploit this vulnerability to escalate privileges to SMM. The attacker can overwrite the LocateProtocol or Freepool memory address location to execute unwanted code. INSYDE-SA-2022018 02/01/2022 02/01/2022
CVE-2020-5953 7.5 A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT (EFI_RUNTIME_SERVICES) pointer to call a GetVariable service, which is located outside of SMRAM. This can result in code execution in SMM (escalating privilege from ring 0 to ring -2). INSYDE-SA-2022017 02/01/2022 02/01/2022
CVE-2021-43323 8.2 SMM callout vulnerability allowing a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. INSYDE-SA-2022016 02/01/2022 02/01/2022
CVE-2022-24031 7.5 SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. INSYDE-SA-2022015 02/01/2022 02/01/2022
CVE-2021-33625 7.5 SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. INSYDE-SA-2022014 02/01/2022 02/01/2022
CVE-2021-43615 8.2 SMM callout vulnerability allowing a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. INSYDE-SA-2022013 02/01/2022 02/01/2022
CVE-2021-42554 7.5 SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. INSYDE-SA-2022012 02/01/2022 02/01/2022
CVE-2022-24030 7.5 SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. INSYDE-SA-2022011 02/01/2022 02/01/2022
CVE-2022-24069 8.2 SMM callout vulnerability allowing a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. INSYDE-SA-2022010 02/01/2022 02/01/2022
CVE-2021-43522 7.5 SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. INSYDE-SA-2022009 02/01/2022 02/01/2022
CVE-2021-42113 8.2 SMM callout vulnerability allowing a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. INSYDE-SA-2022008 02/01/2022 02/01/2022
CVE-2021-42060 7.5 SMM callout vulnerability allowing a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. INSYDE-SA-2022007 02/01/2022 02/01/2022
CVE-2021-42059 8.2 Stack overflow vulnerability that allows a local root user to access UEFI DXE driver and execute arbitrary code. INSYDE-SA-2022006 02/01/2022 02/01/2022
Common Vulnerabilities and Exposures (CVE) CVSS v3 Vulnerability Severity Description Insyde Security Advisory (SA) Original Date Last Revised
CVE-2020-5956 7.2 SdLegacySmm: Software SMI handler does not verify CommBuffer, allowing untrusted external input (CVE-2020-5956) INSYDE-SA-2022005 01/04/2022 02/08/2022
CVE-2021-41842 8.2 AtaLegacySmm: SMI handler does not check CommBuffer leading to possible arbitrary code execution. INSYDE-SA-2022004 01/04/2022 02/08/2022
CVE-2021-45969 8.2 A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(CommBuffer + 8 location). INSYDE-SA-2022003 01/04/2022 02/08/2022
CVE-2021-45970 8.2 A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(status code saved at CommBuffer+4 location). INSYDE-SA-2022002 01/04/2022 02/08/2022
CVE-2021-45971 8.2 A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(CommBufferData). INSYDE-SA-2022001 01/04/2022 02/08/2022
Common Vulnerabilities and Exposures (CVE) CVSS v3 Vulnerability Severity Description Insyde Security Advisory (SA) Original Date Last Revised
CVE-2021-33834 4.9 Insyde iscflashx64.sys Driver IOCTL CODE 0x22229a, User Controllable NumberOfBytes Lead to System Crash (or Potential Memory Corruption). INSYDE-SA-2021004 12/14/2021 09/05/2023
Common Vulnerabilities and Exposures (CVE) CVSS v3 Vulnerability Severity Description Insyde Security Advisory (SA) Original Date Last Revised
CVE-2021-33627 8.2 SMM code may allow content can be controlled by attacker who attains operating system privilege. INSYDE-SA-2021003 11/29/2021 11/29/2021
CVE-2020-27339 7.2 A potential security vulnerability in the handler for IDE devices may allow escalation of privilege, or information disclosure. Insyde has released firmware updates to mitigate this potential vulnerability. INSYDE-SA-2021001 06/14/2021 12/28/2021
Common Vulnerabilities and Exposures (CVE) CVSS v3 Vulnerability Severity Description Insyde Security Advisory (SA) Original Date Last Revised
CVE-2020-5955 7.2 Uncontrolled input in the InsydeH2O Int15MicrosoftSmm driver to a software SMI function may allow the caller to gain elevated privileges. Fixed in different chipset-specific releases of InsydeH2O.

Intel Skylake: 05.04.15.0001, Intel Skylake MRD: 05.05.39.0001,
Intel Kaby Lake (Client): 05.10.48.0001, Intel Greenlow/Greenlow-R (Server/Embedded): 05.12.09.0075, Intel Kaby Lake MRD: 05.11.26.0015,
Intel Cannon Lake: 05.21.43.0001,
Intel Coffee Lake (Client): 05.21.43.0001, Intel Mehlow/Mehlow-R(Server/Embedded): 05.23.04.0045,
Intel Whiskey Lake (Client): 05.21.43.0001, Intel Whiskey Lake RVP (Server/Embedded): 05.23.45.0023, Intel Whiskey Lake/Coffee Lake: 05.23.27.0001,
Intel Comet Lake (Client): 05.32.47.0001, Intel Comet Lake RVP (Server/Embedded): 05.34.09.0030,
Intel Ice Lake: 05.32.30.0001, Intel Tiger Lake: 05.41.35.0001,
Intel Whitley-SP: 05.42.11.0026,
Intel Grantley-EP: 05.04.21.0068,
Intel Elkhart Lake: 05.42.09.0003
Intel Purley-EP Refresh Neon City: 05.21.51.0040
INSYDE-SA-2021002 10/21/2021 10/21/2021
Common Vulnerabilities and Exposures (CVE) CVSS v3 Vulnerability Severity Description Insyde Security Advisory (SA) Original Date Last Revised
CVE-2020-27339 7.2 A potential security vulnerability in the handler for IDE devices may allow escalation of privilege, or information disclosure. Insyde has released firmware updates to mitigate this potential vulnerability. INSYDE-SA-2021001 06/14/2021 07/02/2021
Common Vulnerabilities and Exposures (CVE) CVSS v3 Vulnerability Severity Description Insyde Security Advisory (SA) Original Date Last Revised
CVE-2020-5952 7.2 AhciBusDxe: Improper input validation might lead to arbitrary code execution vulnerability at SMM level INSYDE-SA-2020001 03/12/2024 03/12/2024
Common Vulnerabilities and Exposures (CVE) CVSS v3 Vulnerability Severity Description Insyde Security Advisory (SA) Original Date Last Revised
CVE-2019-12532 6.9 Improper access control in the Insyde software tools may allow an authenticated user to potentially enable escalation of privilege, or information disclosure via local access. INSYDE-SA-2019001 08/12/2019 -

Insyde Software Security Advisories for Supervyse BMC Firmware:

Common Vulnerabilities and Exposures (CVE) CVSS v3 Vulnerability Severity Description Insyde Security Advisory (SA) Date (MM/DD/YYYY) Last Revised
Multiple 5.3~6.5 Upgrade to curl version 8.5.0 INSYDE-SA-2023068 03/12/2024 03/12/2024
Common Vulnerabilities and Exposures (CVE) CVSS v3 Vulnerability Severity Description Insyde Security Advisory (SA) Date (MM/DD/YYYY) Last Revised
CVE-2023-38545 9.8 curl: SOCKS5 heap buffer overflow. INSYDE-SA-2023065 01/09/2024 01/09/2024
Common Vulnerabilities and Exposures (CVE) CVSS v3 Vulnerability Severity Description Insyde Security Advisory (SA) Date (MM/DD/YYYY) Last Revised
CVE-2023-38039 7.5 HTTP headers eat all memory. INSYDE-SA-2023064 12/12/2023 12/12/2023
Common Vulnerabilities and Exposures (CVE) CVSS v3 Vulnerability Severity Description Insyde Security Advisory (SA) Date (MM/DD/YYYY) Last Revised
Multiple Low Upgrade OpenSSL to 1.1.1v INSYDE-SA-2023060 11/14/2023 11/14/2023
Common Vulnerabilities and Exposures (CVE) CVSS v3 Vulnerability Severity Description Insyde Security Advisory (SA) Date (MM/DD/YYYY) Last Revised
CVE-2023-34969 6.5 dbus: Unprivileged users to crash dbus-daemon. INSYDE-SA-2023061 09/12/2023 09/12/2023
CVE-2023-32001 5.5 curl: fopen race condition INSYDE-SA-2023058 09/12/2023 09/12/2023
Multiple Low-Medium Upgrade OpenSSL to 1.1.1u INSYDE-SA-2023043 09/12/2023 09/12/2023
Common Vulnerabilities and Exposures (CVE) CVSS v3 Vulnerability Severity Description Insyde Security Advisory (SA) Date (MM/DD/YYYY) Last Revised
Multiple 3.7~7.5 Upgrade curl to version 8.1.0 INSYDE-SA-2023051 08/08/2023 08/08/2023
Common Vulnerabilities and Exposures (CVE) CVSS v3 Vulnerability Severity Description Insyde Security Advisory (SA) Date (MM/DD/YYYY) Last Revised
Multiple 5.5-9.8 Upgrade libcurl to 8.0.0 INSYDE-SA-2023041 06/13/2023 06/13/2023
Common Vulnerabilities and Exposures (CVE) CVSS v3 Vulnerability Severity Description Insyde Security Advisory (SA) Date (MM/DD/YYYY) Last Revised
Multiple 5.9-7.4 Upgrade OpenSSL to 1.1.1t INSYDE-SA-2023049 05/09/2023 05/09/2023
Multiple 6.5-9.1 Upgrade libcurl to 7.88.0 INSYDE-SA-2023030 05/09/2023 05/09/2023

Past Announcements

Insyde Software's Response to the Recent Log4J Vulnerability

Insyde Software’s Security Teams have conducted thorough analysis for remote code execution vulnerabilities relating to Apache Log4j that was disclosed on December 9th 2021 and has found that its BIOS and BMC firmware products are not affected by CVE-2021-4428 and CVE-2021-45046.

  • All InsydeH2O UEFI BIOS versions as well as all of its related Development Tools do not use Apache Log4j and are not vulnerable to these disclosed vulnerabilities.
  • All Supervyse BMC Firmware versions do not use Apache Log4j and are not vulnerable to these disclosed vulnerabilities.
  • All Insyde IT environment do not use Apache Log4j and are not vulnerable to these disclosed vulnerabilities