Insyde Kernel
33 CVEs affecting Insyde Kernel. Latest disclosed: 2025-05-15. Critical: 0, High: 19.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-36337 | High | 8.2 | 2022-11-23 | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow vulnerability in the MebxConfiguration driver leads to arbitra… |
CVE-2022-29279 | High | 8.2 | 2022-11-15 | Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice Use of a untrusted pointer allows tampering with SMRAM and… |
CVE-2022-29278 | High | 8.2 | 2022-11-15 | Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory Incorrect pointer checks within the NvmExpressDxe driver… |
CVE-2022-29276 | High | 8.2 | 2022-11-15 | SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRA… |
CVE-2022-30772 | High | 8.2 | 2022-11-15 | Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory. Function 0x52 of the PnpSmm driver i… |
CVE-2022-30771 | High | 8.2 | 2022-11-15 | Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions Initialization function in PnpSmm could lead to SMRAM… |
CVE-2022-29275 | High | 8.2 | 2022-11-15 | In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering Use of untrusted pointers could allow OS or SMRAM memory tampering leading to escalation… |
CVE-2021-38575 | High | 8.1 | 2021-12-01 | NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. |
CVE-2024-52880 | High | 7.9 | 2025-05-15 | An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel… |
CVE-2022-35407 | High | 7.8 | 2022-11-22 | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow leads to arbitrary code execution in the SetupUtility driver o… |
CVE-2022-30283 | High | 7.5 | 2022-11-15 | In UsbCoreDxe, tampering with the contents of the USB working buffer using DMA while certain USB transactions are in process leads to a TOCTOU problem that cou… |
CVE-2024-25078 | High | 7.4 | 2024-05-15 | A memory corruption vulnerability in StorageSecurityCommandDxe in Insyde InsydeH2O before kernel 5.2: IB19130163 in 05.29.07, kernel 5.3: IB19130163 in 05.38.0… |
CVE-2021-38578 | High | 7.4 | 2022-03-03 | Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize. |
CVE-2022-33985 | High | 7.0 | 2022-11-15 | DMA transactions which are targeted at input buffers used for the NvmExpressDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA… |
CVE-2022-33984 | High | 7.0 | 2022-11-15 | DMA transactions which are targeted at input buffers used for the SdMmcDevice software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA tr… |
CVE-2022-33983 | High | 7.0 | 2022-11-15 | DMA transactions which are targeted at input buffers used for the NvmExpressLegacy software SMI handler could cause SMRAM corruption through a TOCTOU attack. D… |
CVE-2022-33909 | High | 7.0 | 2022-11-15 | DMA transactions which are targeted at input buffers used for the HddPassword software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA tr… |
CVE-2022-33908 | High | 7.0 | 2022-11-15 | DMA transactions which are targeted at input buffers used for the SdHostDriver software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA t… |
CVE-2022-33905 | High | 7.0 | 2022-11-15 | DMA transactions which are targeted at input buffers used for the AhciBusDxe software SMI handler could cause SMRAM corruption (a TOCTOU attack). DMA transacti… |
CVE-2022-35897 | Medium | 6.8 | 2022-11-21 | An stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. If the attacker… |