Show filters
94 Total Results
Displaying 91-94 of 94
Sort by:
Attacker Value
Unknown
CVE-2021-33626
Disclosure Date: October 01, 2021 (last updated February 23, 2025)
A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution.
0
Attacker Value
Unknown
CVE-2020-27339
Disclosure Date: June 16, 2021 (last updated February 22, 2025)
In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and SdMmcDeviceDxe drivers are 05.16.25, 05.26.25, 05.35.25, 05.43.25, and 05.51.25 (for Kernel 5.1 through 5.5).
0
Attacker Value
Unknown
CVE-2019-12532
Disclosure Date: August 26, 2019 (last updated November 27, 2024)
Improper access control in the Insyde software tools may allow an authenticated user to potentially enable escalation of privilege, or information disclosure via local access. This is a software vulnerability, not a firmware issue. Affected tools include: H2OFFT version 3.02~5.28, 100.00.00.00~100.00.08.23 and 200.00.00.01~200.00.00.05, H2OOAE before version 200.00.00.02, H2OSDE before version 200.00.00.07, H2OUVE before version 200.00.02.02, H2OPCM before version 100.00.06.00, H2OELV before version 100.00.02.08.
0
Attacker Value
Unknown
CVE-2005-4175
Disclosure Date: December 11, 2005 (last updated February 22, 2025)
Insyde BIOS V190 does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory.
0