Skip to main content

Insydeh2o

28 CVEs product

Monthly

CVE-2024-55567 HIGH This Week

CVE-2024-55567 is an improper input validation vulnerability in the UsbCoreDxe module of Insyde InsydeH2O firmware that allows authenticated local attackers with high privileges to bypass SMM (System Management Mode) protections and execute arbitrary code at the highest firmware privilege level. This affects multiple kernel versions (5.4, 5.5, 5.6, 5.7) across numerous OEM BIOS implementations, enabling complete system compromise including kernel-level code execution and memory access. While CVSS rates this as 7.5 (high), real-world exploitation requires local access and administrative/BIOS-level privileges, though no public POC or active KEV designation has been confirmed.

RCE Insydeh2o
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2024-52879 HIGH This Month

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Insydeh2o
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-52878 HIGH This Month

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Insydeh2o
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-52877 HIGH This Week

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Insydeh2o
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-25079 HIGH This Week

A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6. Rated high severity (CVSS 7.4). No vendor patch available.

Buffer Overflow Insydeh2o
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2023-40238 MEDIUM POC This Month

A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Lenovo Information Disclosure Esprimo D556 2 Firmware Esprimo D6011 Firmware Esprimo D6012 Firmware +182
NVD
CVSS 3.1
5.5
EPSS
1.9%
CVE-2023-39283 HIGH This Week

An SMM memory corruption vulnerability in the SMM driver (SMRAM write) in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to send arbitrary data to SMM which could. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Insydeh2o
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-39284 MEDIUM This Month

An issue was discovered in IhisiServicesSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Insydeh2o
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-39281 CRITICAL Act Now

A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Insydeh2o
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-30633 MEDIUM This Month

An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Insydeh2o
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-34195 HIGH This Week

An issue was discovered in SystemFirmwareManagementRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Insydeh2o
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-27471 MEDIUM This Month

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Insydeh2o
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-31041 HIGH This Week

An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Insydeh2o
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-27373 MEDIUM This Month

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Insydeh2o
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-22616 HIGH POC This Week

An issue was discovered in Insyde InsydeH2O with kernel 5.2 through 5.5. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Insydeh2o
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-22613 HIGH This Week

An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Insydeh2o
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-22615 HIGH This Week

An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Insydeh2o
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2023-22614 HIGH POC This Week

An issue was discovered in ChipsetSvcSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Insydeh2o
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-22612 HIGH This Week

An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Insydeh2o
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-34325 HIGH This Week

DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. Rated high severity (CVSS 7.8). No vendor patch available.

Information Disclosure Insydeh2o
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-36448 HIGH POC This Week

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Insydeh2o
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2022-35893 HIGH This Week

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Insydeh2o
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2022-36338 HIGH POC This Week

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Insydeh2o
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2022-35894 MEDIUM POC This Month

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Insydeh2o
NVD
CVSS 3.1
6.0
EPSS
0.3%
CVE-2022-35408 HIGH POC This Week

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Insydeh2o
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2022-35896 MEDIUM POC This Month

An issue SMM memory leak vulnerability in SMM driver (SMRAM was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Insydeh2o
NVD
CVSS 3.1
6.0
EPSS
0.3%
CVE-2022-35895 HIGH POC This Week

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Insydeh2o
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2021-33626 HIGH This Week

A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Insydeh2o Ruggedcom Apr1808 Firmware Simatic Field Pg M5 Firmware Simatic Field Pg M6 Firmware +13
NVD
CVSS 3.1
7.8
EPSS
0.3%
EPSS 0% CVSS 7.5
HIGH This Week

CVE-2024-55567 is an improper input validation vulnerability in the UsbCoreDxe module of Insyde InsydeH2O firmware that allows authenticated local attackers with high privileges to bypass SMM (System Management Mode) protections and execute arbitrary code at the highest firmware privilege level. This affects multiple kernel versions (5.4, 5.5, 5.6, 5.7) across numerous OEM BIOS implementations, enabling complete system compromise including kernel-level code execution and memory access. While CVSS rates this as 7.5 (high), real-world exploitation requires local access and administrative/BIOS-level privileges, though no public POC or active KEV designation has been confirmed.

RCE Insydeh2o
NVD
EPSS 0% CVSS 7.5
HIGH This Month

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Insydeh2o
NVD
EPSS 0% CVSS 7.5
HIGH This Month

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Insydeh2o
NVD
EPSS 0% CVSS 7.5
HIGH This Week

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Insydeh2o
NVD
EPSS 0% CVSS 7.4
HIGH This Week

A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6. Rated high severity (CVSS 7.4). No vendor patch available.

Buffer Overflow Insydeh2o
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Lenovo Information Disclosure Esprimo D556 2 Firmware +184
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An SMM memory corruption vulnerability in the SMM driver (SMRAM write) in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to send arbitrary data to SMM which could. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An issue was discovered in IhisiServicesSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Insydeh2o
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Insydeh2o
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An issue was discovered in SystemFirmwareManagementRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Insydeh2o
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Insydeh2o
NVD
EPSS 0% CVSS 7.5
HIGH This Week

An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Insydeh2o
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Insydeh2o
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

An issue was discovered in Insyde InsydeH2O with kernel 5.2 through 5.5. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Insydeh2o
NVD
EPSS 0% CVSS 8.8
HIGH This Week

An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Insydeh2o
NVD
EPSS 0% CVSS 8.4
HIGH This Week

An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Insydeh2o
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

An issue was discovered in ChipsetSvcSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Insydeh2o
NVD
EPSS 0% CVSS 8.8
HIGH This Week

An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Insydeh2o
NVD
EPSS 0% CVSS 7.8
HIGH This Week

DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. Rated high severity (CVSS 7.8). No vendor patch available.

Information Disclosure Insydeh2o
NVD
EPSS 0% CVSS 8.2
HIGH POC This Week

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Insydeh2o
NVD
EPSS 0% CVSS 8.2
HIGH This Week

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Insydeh2o
NVD
EPSS 0% CVSS 8.2
HIGH POC This Week

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Insydeh2o
NVD
EPSS 0% CVSS 6.0
MEDIUM POC This Month

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Insydeh2o
NVD
EPSS 0% CVSS 8.2
HIGH POC This Week

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Insydeh2o
NVD
EPSS 0% CVSS 6.0
MEDIUM POC This Month

An issue SMM memory leak vulnerability in SMM driver (SMRAM was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Insydeh2o
NVD
EPSS 0% CVSS 8.2
HIGH POC This Week

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Insydeh2o Ruggedcom Apr1808 Firmware +15
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy