Every CVE whose affected-product data names Insyde Kernel, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (33)
CVE-2022-30771 — CVSS 8.2 (high): Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions Initialization function in PnpSmm…
CVE-2022-30772 — CVSS 8.2 (high): Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory. Function 0x52 of…
CVE-2022-29275 — CVSS 8.2 (high): In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering Use of untrusted pointers could allow OS or SMRAM memory tampering…
CVE-2022-29276 — CVSS 8.2 (high): SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. SMI functions in AhciBusDxe use untrusted inputs leading…
CVE-2022-29278 — CVSS 8.2 (high): Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory Incorrect pointer checks within the…
CVE-2022-29279 — CVSS 8.2 (high): Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice Use of a untrusted pointer allows…
CVE-2022-36337 — CVSS 8.2 (high): An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow vulnerability in the MebxConfiguration…
CVE-2024-52880 — CVSS 7.9 (high): An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before…
CVE-2022-35407 — CVSS 7.8 (high): An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow leads to arbitrary code execution in the…
CVE-2022-30283 — CVSS 7.5 (high): In UsbCoreDxe, tampering with the contents of the USB working buffer using DMA while certain USB transactions are in process leads to a…
CVE-2021-38578 — CVSS 7.4 (high): Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.
CVE-2024-25078 — CVSS 7.4 (high): A memory corruption vulnerability in StorageSecurityCommandDxe in Insyde InsydeH2O before kernel 5.2: IB19130163 in 05.29.07, kernel 5.3…
CVE-2022-33984 — CVSS 7.0 (high): DMA transactions which are targeted at input buffers used for the SdMmcDevice software SMI handler could cause SMRAM corruption through a…
CVE-2022-33905 — CVSS 7.0 (high): DMA transactions which are targeted at input buffers used for the AhciBusDxe software SMI handler could cause SMRAM corruption (a TOCTOU…
CVE-2022-33908 — CVSS 7.0 (high): DMA transactions which are targeted at input buffers used for the SdHostDriver software SMI handler could cause SMRAM corruption through a…
CVE-2022-33909 — CVSS 7.0 (high): DMA transactions which are targeted at input buffers used for the HddPassword software SMI handler could cause SMRAM corruption through a…
CVE-2022-33983 — CVSS 7.0 (high): DMA transactions which are targeted at input buffers used for the NvmExpressLegacy software SMI handler could cause SMRAM corruption…
CVE-2022-33985 — CVSS 7.0 (high): DMA transactions which are targeted at input buffers used for the NvmExpressDxe software SMI handler could cause SMRAM corruption through a…
CVE-2022-35897 — CVSS 6.8 (medium): An stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde InsydeH2O with kernel 5.0 through…
CVE-2023-28468 — CVSS 6.5 (medium): An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module…
CVE-2022-30773 — CVSS 6.4 (medium): DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but…
CVE-2022-30774 — CVSS 6.4 (medium): DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before…
CVE-2022-33986 — CVSS 6.4 (medium): DMA attacks on the parameter buffer used by the VariableRuntimeDxe software SMI handler could lead to a TOCTOU attack. DMA attacks on the…
CVE-2022-32267 — CVSS 6.4 (medium): DMA transactions which are targeted at input buffers used for the SmmResourceCheckDxe software SMI handler cause SMRAM corruption (a TOCTOU…
CVE-2022-32266 — CVSS 6.4 (medium): DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI…
CVE-2022-31243 — CVSS 6.4 (medium): Update description and links DMA transactions which are targeted at input buffers used for the software SMI handler used by the…
CVE-2024-49200 — CVSS 6.4 (medium): An issue was discovered in AcpiS3SaveDxe and ChipsetSvcDxe in Insyde InsydeH2O with kernel 5.2 though 5.7. A potential DXE memory…
CVE-2022-33907 — CVSS 6.4 (medium): DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM…
CVE-2022-33982 — CVSS 6.4 (medium): DMA attacks on the parameter buffer used by the Int15ServiceSmm software SMI handler could lead to a TOCTOU attack on the SMI handler and…
CVE-2022-33906 — CVSS 6.4 (medium): DMA transactions which are targeted at input buffers used for the FwBlockServiceSmm software SMI handler could cause SMRAM corruption…
CVE-2023-47252 — CVSS 6.3 (medium): An issue was discovered in PnpSmm in Insyde InsydeH2O with kernel 5.0 through 5.6. There is a possible out-of-bounds access in the SMM…
CVE-2022-46897 — CVSS 5.3 (medium): An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The CapsuleIFWUSmm driver does not check the return value from a…