Insyde's Security Pledge
Recent Security Advisories
Security Advisory Archives
BIOS & BMC
InsydeH2O | February 1, 2022 : SA-2022009
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022009 | SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. | 7.5 |
InsydeH2O | February 1, 2022 : SA-2022008
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022008 | SMM callout vulnerability allowing a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. | 8.2 |
InsydeH2O | February 1, 2022 : SA-2022007
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022007 | SMM callout vulnerability allowing a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. | 7.5 |
InsydeH2O | February 1, 2022 : SA-2022006
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022006 | Stack overflow vulnerability that allows a local root user to access UEFI DXE driver and execute arbitrary code. | 8.2 |
InsydeH2O | January 4, 2022 : SA-2022001
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022001 | A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer. | 8.2 |
InsydeH2O | January 4, 2022 : SA-2022005
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022005 | SdLegacySmm: Software SMI handler does not verify CommBuffer, allowing untrusted external input (CVE-2020-5956). | 7.5 |
InsydeH2O | January 4, 2022 : SA-2022004
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022004 | AtaLegacySmm: SMI handler does not check CommBuffer leading to possible arbitrary code execution. | 8.2 |
InsydeH2O | January 4, 2022 : SA-2022003
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022003 | A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(CommBuffer + 8 location). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution. | 8.2 |
InsydeH2O | January 4, 2022 : SA-2022002
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022002 | A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(status code saved at CommBuffer+4 location). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution. | 8.2 |
InsydeH2O | January 4, 2022 : SA-2022001
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022001 | A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(CommBufferData). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution. | 8.2 |
InsydeH2O | December 14, 2021 : SA-2021004
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2021004 | Insyde iscflashx64.sys Driver IOCTL CODE 0x22229a, User Controllable NumberOfBytes Lead to System Crash (or Potential Memory Corruption). | 4.9 |
InsydeH2O | October 14, 2021 : SA-2021002
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2021002 | Uncontrolled input in the InsydeH2O Int15MicrosoftSmm driver to a software SMI function may allow the caller to gain elevated privileges. Fixed in different chipset-specific releases of InsydeH2O.
| N/A |