Insyde Kernel

33 CVEs affecting Insyde Kernel. Latest disclosed: 2025-05-15. Critical: 0, High: 19.

Top CVEs affecting Insyde Kernel
CVESeverityScorePublishedSummary
CVE-2022-36337High8.22022-11-23An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow vulnerability in the MebxConfiguration driver leads to arbitra…
CVE-2022-29279High8.22022-11-15Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice Use of a untrusted pointer allows tampering with SMRAM and…
CVE-2022-29278High8.22022-11-15Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory Incorrect pointer checks within the NvmExpressDxe driver…
CVE-2022-29276High8.22022-11-15SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRA…
CVE-2022-30772High8.22022-11-15Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory. Function 0x52 of the PnpSmm driver i…
CVE-2022-30771High8.22022-11-15Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions Initialization function in PnpSmm could lead to SMRAM…
CVE-2022-29275High8.22022-11-15In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering Use of untrusted pointers could allow OS or SMRAM memory tampering leading to escalation…
CVE-2021-38575High8.12021-12-01NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.
CVE-2024-52880High7.92025-05-15An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel…
CVE-2022-35407High7.82022-11-22An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow leads to arbitrary code execution in the SetupUtility driver o…
CVE-2022-30283High7.52022-11-15In UsbCoreDxe, tampering with the contents of the USB working buffer using DMA while certain USB transactions are in process leads to a TOCTOU problem that cou…
CVE-2024-25078High7.42024-05-15A memory corruption vulnerability in StorageSecurityCommandDxe in Insyde InsydeH2O before kernel 5.2: IB19130163 in 05.29.07, kernel 5.3: IB19130163 in 05.38.0…
CVE-2021-38578High7.42022-03-03Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.
CVE-2022-33985High7.02022-11-15DMA transactions which are targeted at input buffers used for the NvmExpressDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA…
CVE-2022-33984High7.02022-11-15DMA transactions which are targeted at input buffers used for the SdMmcDevice software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA tr…
CVE-2022-33983High7.02022-11-15DMA transactions which are targeted at input buffers used for the NvmExpressLegacy software SMI handler could cause SMRAM corruption through a TOCTOU attack. D…
CVE-2022-33909High7.02022-11-15DMA transactions which are targeted at input buffers used for the HddPassword software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA tr…
CVE-2022-33908High7.02022-11-15DMA transactions which are targeted at input buffers used for the SdHostDriver software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA t…
CVE-2022-33905High7.02022-11-15DMA transactions which are targeted at input buffers used for the AhciBusDxe software SMI handler could cause SMRAM corruption (a TOCTOU attack). DMA transacti…
CVE-2022-35897Medium6.82022-11-21An stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. If the attacker…