Insyde's Security Pledge
Recent Security Advisories

Security Advisory Archives
BIOS & BMC
InsydeH2O | September 21, 2022 : SA-2022033
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022033 | SMM memory corruption vulnerability in SMM driver (SMRAM write) in InsydeH2O. | 8.2 |
InsydeH2O | September 21, 2022 : SA-2022032
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022032 | SMM memory corruption vulnerability in Software SMI handler in InsydeH2O. | 8.2 |
InsydeH2O | September 21, 2022 : SA-2022031
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022031 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H | 7.5 |
InsydeH2O | September 21, 2022 : SA-2022030
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022030 | SMM memory leak vulnerability in SMM driver (SMRAM read) in InsydeH2O. | 6.0 |
InsydeH2O | September 21, 2022 : SA-2022029
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022029 | SMM callout vulnerability in SMM driver (SMM arbitrary code execution) in InsydeH2O. | 7.5 |
InsydeH2O | July 5, 2022 : SA-2022028
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022028 | Some versions of InsydeH2O use the FreeType tools to embed fonts into the BIOS. InsydeH2O does not use the FreeType API at runtime and usage during build time does not produce a vulnerability in the BIOS. | 3.6 |
InsydeH2O | February 21, 2022 : SA-2022027
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022027 | User and administrator password hashes are exposed in runtime UEFI variables, leading to escalation of privilege. | 6.5 |
InsydeH2O | February 21, 2022 : SA-2022026
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022026 | Error in handling the PlatformLangCodes UEFI variable could cause a buffer overflow, leading to resource exhaustion and failure. | 6.7 |
InsydeH2O | February 21, 2022 : SA-2022025
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022025 | HDD password is stored in plaintext. | 7.8 |
InsydeH2O | February 1, 2022 : SA-2022024
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022024 | An unsafe pointer vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler. An attacker can use this unsafe pointer "current_ptr" to read, write, or manipulate data in SMRAM. Exploitation of this vulnerability can lead to escalation of privileges reserved only for SMM using the SwSMI handler. | 8.2 |
InsydeH2O | February 1, 2022 : SA-2022023
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022023 | An unsafe pointer vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler. An attacker can use this unsafe pointer "ptr" to read, write, or manipulate data in SMRAM. Exploitation of this vulnerability can lead to escalation of privileges reserved only for SMM using the SwSMI handler. | 8.2 |
InsydeH2O | February 1, 2022 : SA-2022022
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022022 | A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution. | 8.2 |