Search Insyde.com

Insyde's Security Pledge

Recent Security Advisories

Security Advisory Archives

BIOS & BMC

InsydeH2O | January 4, 2022 : SA-2022002

Link	Summary	CVSS Score
INSYDE-SA-2022002	A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(status code saved at CommBuffer+4 location). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution.	8.2

InsydeH2O | January 4, 2022 : SA-2022001

Link	Summary	CVSS Score
INSYDE-SA-2022001	A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(CommBufferData). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution.	8.2

InsydeH2O | December 14, 2021 : SA-2021004

Link	Summary	CVSS Score
INSYDE-SA-2021004	Insyde iscflashx64.sys Driver IOCTL CODE 0x22229a, User Controllable NumberOfBytes Lead to System Crash (or Potential Memory Corruption).	4.9

InsydeH2O | October 14, 2021 : SA-2021002

Link	Summary	CVSS Score
INSYDE-SA-2021002	Uncontrolled input in the InsydeH2O Int15MicrosoftSmm driver to a software SMI function may allow the caller to gain elevated privileges. Fixed in different chipset-specific releases of InsydeH2O.	N/A

InsydeH2O | June 14, 2021 : SA-2021001

Link	Summary	CVSS Score
INSYDE-SA-2021001	A potential security vulnerability in the handler for IDE devices may allow escalation of privilege, or information disclosure. Insyde has released firmware updates to mitigate this potential vulnerability.	7.2

InsydeH2O | August 12, 2019 : SA-2019001

Link	Summary	CVSS Score
INSYDE-SA-2019001	A potential security vulnerability in the Insyde software tools may allow escalation of privilege, or information disclosure. Insyde is releasing software updates to mitigate this potential vulnerability.	6.9

Back to Security Pledge