Recent Security Advisories

Security Advisory Archives
BIOS & BMC
InsydeH2O | February 1, 2022 : SA-2022013
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022013 | SMM callout vulnerability allowing a possible attacker to hijack the execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. | 8.2 |
InsydeH2O | February 1, 2022 : SA-2022012
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022012 | SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. | 7.5 |
InsydeH2O | February 1, 2022 : SA-2022011
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022011 | SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. | 7.5 |
InsydeH2O | February 1, 2022 : SA-2022010
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022010 | SMM callout vulnerability allowing a possible attacker to hijack the execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. | 8.2 |
InsydeH2O | February 1, 2022 : SA-2022009
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022009 | SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. | 7.5 |
InsydeH2O | February 1, 2022 : SA-2022008
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022008 | SMM callout vulnerability allowing a possible attacker to hijack the execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. | 8.2 |
InsydeH2O | February 1, 2022 : SA-2022007
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022007 | SMM callout vulnerability allowing a possible attacker to hijack the execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. | 7.5 |
InsydeH2O | February 1, 2022 : SA-2022006
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022006 | Stack overflow vulnerability that allows a local root user to access a UEFI DXE driver and execute arbitrary code. | 8.2 |
InsydeH2O | January 4, 2022 : SA-2022001
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022001 | A vulnerability exists in an SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer. | 8.2 |
InsydeH2O | January 4, 2022 : SA-2022005
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022005 | SdLegacySmm: Software SMI handler does not verify CommBuffer, allowing untrusted external input (CVE-2020-5956). | 7.5 |
InsydeH2O | January 4, 2022 : SA-2022004
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022004 | AtaLegacySmm: SMI handler does not check CommBuffer, leading to possible arbitrary code execution. | 8.2 |
InsydeH2O | January 4, 2022 : SA-2022003
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022003 | A vulnerability exists in an SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (CommBuffer + 8 location). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution. | 8.2 |